Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1586
Views
0
Helpful
3
Replies

Accessing one-armed PBR node via the PBR interface

Go to solution
tuanquangnguyen
Level 1
Level 1

‎04-29-2020 09:57 PM - edited ‎04-29-2020 09:58 PM

Hi community,

 

Recently deployed an FTD pair in one-armed mode. Despite pingable from the service leaf, and the BD associated with the L3out with its subnet Advertised Externally, when I tried to ping from outside of the L3out to the PBR node it's inaccessible.

 

That'sreally fine for FTD since it's managed via another interface. Now I'm about to migrate a CheckPoint from the old network, after that there would only be one sub-interface left on the CheckPoint. Would there be anyway that I can access the CheckPoint for management in this topology?

 

Thanksa lot.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Sergiu.Daniluk
VIP Alumni
VIP Alumni

‎04-30-2020 12:43 AM

Hi @tuanquangnguyen 

Is the L3Out consumer/provider of the SG? If yes, do you have "Direct Connect" option enabled? This setting, when enabled in the service graph, enables communication (individually):

  • from the consumer EPG to the consumer connector of the PBR node
  • from the provider EPG to the provider connector of the PBR node

For additional details about this option can be found in the ACI PBR white paper: https://www.cisco.com/c/en/us/solutions/collateral/data-center-virtualization/application-centric-infrastructure/white-paper-c11-739971.html 

 

Regards,

Sergiu

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Sergiu.Daniluk
VIP Alumni
VIP Alumni

‎04-30-2020 12:43 AM

Hi @tuanquangnguyen 

Is the L3Out consumer/provider of the SG? If yes, do you have "Direct Connect" option enabled? This setting, when enabled in the service graph, enables communication (individually):

  • from the consumer EPG to the consumer connector of the PBR node
  • from the provider EPG to the provider connector of the PBR node

For additional details about this option can be found in the ACI PBR white paper: https://www.cisco.com/c/en/us/solutions/collateral/data-center-virtualization/application-centric-infrastructure/white-paper-c11-739971.html 

 

Regards,

Sergiu

0 Helpful

Go to solution
tuanquangnguyen
Level 1
Level 1
In response to Sergiu.Daniluk

‎04-30-2020 01:37 AM

That did the trick.

Thanks for your help @Sergiu.Daniluk
0 Helpful

Go to solution
Sergiu.Daniluk
VIP Alumni
VIP Alumni
In response to tuanquangnguyen

‎04-30-2020 04:29 AM

With pleasure! Happy to hear that it's all good now ^_^

 

Cheers,

Sergiu

0 Helpful
Customers Also Viewed These Support Documents

Save 25% on Day-2 Operations Add-On License