Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
322
Views
0
Helpful
4
Replies

Stopping all communication within a tenant

Go to solution
JL-CNO
Level 1
Level 1

‎06-30-2025 06:24 AM

In the case of if you wanted to shut down all communication between all EPG's, what would be the quickest way? Keeping in mind of having to revert the changes. As far as I know there is no way to select and shut down all the EPG's other than doing it one at a time.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Jens Albrecht
Level 7
Level 7

‎06-30-2025 08:12 AM

Hello @JL-CNO,

as you mentioned Cisco ACI does not provide a native feature to shut down or disable all EPGs simultaneously via the GUI or CLI.

However, you can use automation (e.g., Ansible) to scale the operation.

You can find a working Ansible sample script for this purpose over here:

https://community.cisco.com/t5/application-centric-infrastructure/cisco-aci-ansible-putting-epgs-in-shutdown/td-p/3857364

This method is reversible using the same script by changing "shutdown": "false".

As an alternative method you could stop all communication between EPGs in a tenant by either removing all inter-EPG contracts or applying a global deny contract between all EPGs.

Finally you could also detach physical or VMM domains from EPGs, rendering them inactive but this also requires scripting or manual per-EPG changes.

So using Ansible to automate the shutdown of the EPGs as described in the above link is a clean and reversible method to achieve your goal.

HTH!

View solution in original post

0 Helpful
4 Replies 4

Go to solution
Jens Albrecht
Level 7
Level 7

‎06-30-2025 08:12 AM

Hello @JL-CNO,

as you mentioned Cisco ACI does not provide a native feature to shut down or disable all EPGs simultaneously via the GUI or CLI.

However, you can use automation (e.g., Ansible) to scale the operation.

You can find a working Ansible sample script for this purpose over here:

https://community.cisco.com/t5/application-centric-infrastructure/cisco-aci-ansible-putting-epgs-in-shutdown/td-p/3857364

This method is reversible using the same script by changing "shutdown": "false".

As an alternative method you could stop all communication between EPGs in a tenant by either removing all inter-EPG contracts or applying a global deny contract between all EPGs.

Finally you could also detach physical or VMM domains from EPGs, rendering them inactive but this also requires scripting or manual per-EPG changes.

So using Ansible to automate the shutdown of the EPGs as described in the above link is a clean and reversible method to achieve your goal.

HTH!

0 Helpful

Go to solution
JL-CNO
Level 1
Level 1

‎06-30-2025 08:23 AM

Thank you @Jens Albrecht. So if I apply a deny contract between all EPG's, will that be processed before any current contracts implemented between EPG's?

0 Helpful

Go to solution
Jens Albrecht
Level 7
Level 7

‎06-30-2025 08:31 AM

Hello @JL-CNO,

this depends on the priority you configured for your current contracts.

A deny contract between all EPGs will block traffic only if its priority is higher than your existing contracts.

So use vzAny and priority "Highest" for the deny contract to ensure it overrides all other rules.

HTH!

0 Helpful

Go to solution
Joseph Rinehart
Cisco Employee
Cisco Employee
In response to Jens Albrecht

‎07-01-2025 07:52 AM

A taboo contract will do this for sure, it has a priority of 5 which will override any configured contract. Jens, is that what you meant by a deny contract?

Technical Content Advocate, DC & AI
Learn with Cisco
CCIE #14256
0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card

Save 25% on Day-2 Operations Add-On License