02-25-2020 06:48 AM
I'm trying to configure an L3Out between the ACI fabric and a firewall with a static route.
I configured everything that I need from the ACI and firewall.
I also configured a contract between the external EPG for the L3Out and my EPGs, but it is not working.
It works when I set the policy control for the VRF to unenforced, which means I have a problem with the contract between the external EPG and my EPGs, but I tried everything with no luck.
Any help? The contract configuration is below:
02-25-2020 02:19 PM
Hi @Mohammed Athamneh ,
You have defined your contracts under EPG, which is a specific case for intra-EPG security.
Try to create your contract under the Contracts section of the Tenant, and consume/provide with your EPGs/L3Out.
02-26-2020 01:12 AM - edited 02-26-2020 01:15 AM
I already did that, but with no luck.
@Remi-Astruc
02-26-2020 01:14 AM
02-26-2020 10:58 AM
@Remi-Astruc
And as you see in the screenshots above, the intra-contract is for the L4-L7 service graph, and there is another contract between the EPG and the external EPG, which is the L3Out contract.
Please advise.
02-26-2020 01:52 PM - edited 02-26-2020 01:53 PM
Hi @Mohammed Athamneh ,
Right, I overlooked that.
Then there may be different reasons for that, and you'd need to provide more details for help (subnets in the external EPG, filters in the contract, reverse/bidirectional, what is your test traffic, are there drops in the ACL logs, do you have faults, have you tried an ELAM, etc.).