02-07-2019 01:22 AM - edited 03-01-2019 05:46 AM
Dear Community,
i read about new Feature IntraEPG Contract. I'm trying to understand that right now because we have a requirement that goes in that direction.
We have the following scenario:
In an EPG we want to isolate EndPoint from each other so that they cannot talk to each other. However, each endpoint must be able to speak to exactly one endpoint. Can we use IntraEPG Contract for that? Or is IntraEPG isolation the wrong feature? Must micro EPGs (uEPGs) be used for this?
Addiotional Info, the EPGs are in the same Subnet (BD without Default GW)
I hope you can help me :)
Many greetings
Patrick
02-10-2019 05:12 AM - edited 02-10-2019 05:14 AM
Hi PatrickH1,
So traffic between EPs inside an EPG, either all or nothing, by using Intra-EPG isolation (traffic now is not allowed between EPs), you can control type of allowed traffic (based on filter) between EPs in the same EPG, so you can allow web traffic and barring the rest.
I hope it's clear now.
Don't forget to mark answers as correct if it solves your problem. This helps others find the correct answer if they search for the same problem.
02-10-2019 12:45 PM
Hello Mo.Fareed,
i know that behavior.
What I'm looking for is the ability to separate hosts in the same subnet so that they can only talk to one host but not to each other. different EPGs, same VLANs,
Kind Regards
Patrick
02-11-2019 12:00 AM
Hi PatrickH1,
You can apply it by applying different EPGs for same VLAN (traditional VLAN = same subnet).
Intra-EPG contract will be applied for all hosts in same EPG.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide