07-07-2020 11:50 PM - edited 07-07-2020 11:51 PM
Hi
I have a scenario where I need to configure the below kind of ACL in ACI. How is it possible to achieve it using contracts?
172.16.2.0/24=BD2 <<<VLAN2_EPG>>>
172.16.3.0/24=BD3 <<<VLAN3_EPG>>>
Currently I have the default contract applied.
SRV01=172.16.2.11
SRV02=172.16.2.12
SRV03=172.16.3.11
SRV04=172.16.3.12
If I need to create a contract based on the host, how is it possible to achieve that?
Please note that this is an example. My setup is much bigger, and I have a requirement to create such policies using multiple end hosts.
07-08-2020 11:56 PM - edited 07-08-2020 11:59 PM
Hi @faizal_vi
Contracts in ACI do not use IP for filtering. The filter entry in a contract is a rule that allows or denies traffic that is classified based on TCP/IP header fields, such as Layer 3 protocol type or Layer 4 ports.
If you have specific requirements between specific IP addresses, you can group the servers in dedicated uEPGs and apply contracts on/between the specific uEPGs:
Regards,
Sergiu
07-22-2020 05:57 PM
07-22-2020 11:28 PM
No, you cannot have an EP in multiple uEPGs. However, you can configure multiple contracts on a single uEPG.
Stay safe,
Sergiu
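As an added example (not written by the posters above and not Cisco code), the following Python plans the grouping described in the answers: hosts in the same bridge domain with the same set of permit rules share one uEPG, so every endpoint sits in exactly one uEPG while a uEPG may carry several contracts. The permit rules and the uEPG names are assumptions, since the thread does not show the ACL; the source of a rule is treated as the contract consumer and the destination as the provider.

```python
from collections import defaultdict

# Hosts and bridge domains are from the thread; the permit rules are
# constructed, because the ACL itself is not shown in the post.
HOSTS = {
    "SRV01": ("172.16.2.11", "BD2"), "SRV02": ("172.16.2.12", "BD2"),
    "SRV03": ("172.16.3.11", "BD3"), "SRV04": ("172.16.3.12", "BD3"),
}
RULES = [  # (source, destination, service) permits
    ("SRV01", "SRV03", "tcp/443"), ("SRV02", "SRV03", "tcp/443"),
    ("SRV01", "SRV04", "tcp/1433"), ("SRV02", "SRV04", "tcp/1433"),
]

def plan_uepgs(hosts, rules):
    """Partition hosts into uEPGs and derive the contracts between them."""
    # A host's signature is its bridge domain plus every rule it takes part in.
    sig = {h: {("bd", bd, "")} for h, (_, bd) in hosts.items()}
    for src, dst, svc in rules:
        sig[src].add(("to", dst, svc))
        sig[dst].add(("from", src, svc))
    # Hosts with identical signatures share one uEPG, so each endpoint
    # lands in exactly one group.
    groups = defaultdict(list)
    for h in sorted(hosts):
        groups[frozenset(sig[h])].append(h)
    uepg_of, members = {}, {}
    for n, hs in enumerate(groups.values(), start=1):
        name = f"uEPG{n}"  # hypothetical naming scheme
        members[name] = [hosts[h][0] for h in hs]
        for h in hs:
            uepg_of[h] = name
    # Collapse host rules into (consumer uEPG, provider uEPG, service).
    contracts = sorted({(uepg_of[s], uepg_of[d], svc) for s, d, svc in rules})
    return members, contracts

if __name__ == "__main__":
    members, contracts = plan_uepgs(HOSTS, RULES)
    for name, ips in members.items():
        print(name, ips)
    for consumer, provider, svc in contracts:
        print(f"{consumer} consumes {svc} provided by {provider}")
```

Hosts that end up in the same uEPG can reach each other without a contract unless intra-EPG isolation is configured, so any rule between two hosts puts them in separate groups here.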