11-30-2023 03:02 AM
I have some questions
I tried to implement uSeg and didn't understand behaviour
I have EPG APP with enforced behaviuor.
I made two uSeg epg and without contracts they couldn't speak each other - it's good. After it I permited RDP session between them through contract, RDP worked, but I noticed that PC's inside uSeg EPG could communicate with each other through any protocols.
I thought that deny is implicit rule in the contract
Solved! Go to Solution.
12-08-2023 09:11 PM
so, it was because of vzAny rule, after was removing it started work as expected
11-30-2023 07:01 AM
Whether an endpoint belongs to a base EPG, or uSeg EPG doesn't impact how contracts work. If you want endpoints between EPGs (Regular or uSeg) to communicate in a VRF in enforced mode - requires a contract. The contract is what dicates the ports/protocols based on the associated filters of that contract.
What does the filter in your applied contract look like?
Robert
12-05-2023 10:48 PM - edited 12-05-2023 10:52 PM
My parent EPG (BKP_Servers_Test) - intra EPG isolation is Enforced
Now my endpoints can't communicate without contracts because of intra EPG isolation is Enforced, it's general behaviour
10.177.200.10 and 10.177.20.5
Now I want to move my 10.177.200.10 and 10.177.20.5 to different uSeg EPG
I made new uSeg-1 with match attribute ip=10.177.200.10 (placed inside uSeg-1), and after it 10.177.200.10 (placed inside paret EPG BKP_Servers_Test) could communicate with 10.177.200.5 without any contracts, why?
Is it default behavour? uSeg EPG and parent EPG can communicate without contracts? I thought that ACI has white list behaviour with feature intra EPG isolation is Enforced and we need contracts everywhere (for commication between different uSeg EPG, for communicate between uSeg EPG and Parent EPG for communicate between uSeg EPG and another EPG)
12-08-2023 09:11 PM
so, it was because of vzAny rule, after was removing it started work as expected
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide