Hi experts, we have noticed some issues in our ACI contracts. All contracts are at the default setting, which is apply both directions and reverse filter ports. So the src-epg (provider) is providing icmp and ssh and the destination-epg (consumer) is consuming it. The contract being both directions under the GUI, this should work! BUT it's not working.
On checking the show zoning-rule command in the leaf SW between the src-epg and dst-epg, the contract's direction is "uni-dir-ignore" instead of "bi-dir". I am wondering where did this come from?? Please advise?
Hello. Under normal contract deployment, when you have the "Apply Both Directions" and "Reverse Filter Ports" boxes ticked in the Contract Subject, you should see two entries when you use the 'show zoning-rule' command from a leaf where that contract exists. One should be marked as 'bi-dir' and one marked as 'uni-dir-ignore'. If you don't see those, it likely means that your contract was not correctly programmed into the TCAM. You might try removing the contract from the EPGs and re-adding, making sure you have properly chosen the consumer and provider EPGs.
Think of the 'uni-dir-ignore' entry as a shortcut to tell ACI that you simply want return traffic to be allowed. If you don't tick "Reverse Filter Ports" you would need to manually make a 2nd entry in the filter to allow the return traffic, which is more work.
To give an example that is working, see my contract called TEST-C.
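The check described in the reply above can be scripted over captured `show zoning-rule` output. This is an added example, not part of either post: the table layout is an assumption about how the leaf prints the command, and every rule ID, pcTag, filter ID, scope and contract name in the sample is constructed.

```python
from collections import defaultdict

# Constructed sample in the table layout assumed for `show zoning-rule` on a leaf;
# rule IDs, pcTags, filter IDs, scope and contract names are made up.
SAMPLE = """\
+---------+--------+--------+----------+----------------+---------+---------+-----------+--------+---------------+
| Rule ID | SrcEPG | DstEPG | FilterID |      Dir       |  operSt |  Scope  |    Name   | Action |    Priority   |
+---------+--------+--------+----------+----------------+---------+---------+-----------+--------+---------------+
|   4100  | 16386  | 49153  |    5     |     bi-dir     | enabled | 2097152 | EXAMPLE-A | permit | fully_qual(7) |
|   4101  | 49153  | 16386  |    6     | uni-dir-ignore | enabled | 2097152 | EXAMPLE-A | permit | fully_qual(7) |
|   4102  | 32770  | 16390  |    6     | uni-dir-ignore | enabled | 2097152 | EXAMPLE-B | permit | fully_qual(7) |
+---------+--------+--------+----------+----------------+---------+---------+-----------+--------+---------------+
"""

def parse_zoning_rules(text):
    """Return one dict per table row, keyed by the header names."""
    rows, header = [], None
    for line in map(str.strip, text.splitlines()):
        if not line.startswith("|"):
            continue  # skip +----+ separators and blank lines
        cells = [c.strip() for c in line.strip("|").split("|")]
        if header is None:
            header = cells
        elif len(cells) == len(header):
            rows.append(dict(zip(header, cells)))
    return rows

def check_direction_pairs(rows):
    """Group rules by contract and unordered EPG pair, then report pairs
    that lack either the bi-dir or the reverse uni-dir-ignore entry."""
    seen = defaultdict(dict)
    for r in rows:
        if r["Dir"] not in ("bi-dir", "uni-dir-ignore"):
            continue  # implicit and other rule types are out of scope here
        key = (r["Name"], frozenset((r["SrcEPG"], r["DstEPG"])))
        seen[key][r["Dir"]] = (r["SrcEPG"], r["DstEPG"])
    findings = []
    for (name, _), dirs in sorted(seen.items(), key=lambda kv: kv[0][0]):
        missing = {"bi-dir", "uni-dir-ignore"} - dirs.keys()
        if missing:
            findings.append((name, "missing " + ", ".join(sorted(missing))))
        elif dirs["bi-dir"] != dirs["uni-dir-ignore"][::-1]:
            findings.append((name, "entries are not a reversed src/dst pair"))
    return findings

if __name__ == "__main__":
    for name, problem in check_direction_pairs(parse_zoning_rules(SAMPLE)):
        print(f"{name}: {problem}")
```
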