Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1520
Views
5
Helpful
3
Replies

aci route import greyed out

petercinvest
Level 1
Level 1

‎03-16-2018 04:43 AM - edited ‎03-01-2019 05:28 AM

may i know why my import route control checkbox and aggregate import checkbox is greyed out and how to activiate it? 

 

Labels:
Preview file
27 KB
0 Helpful
3 Replies 3

Manuel Velasco
Cisco Employee
Cisco Employee

‎03-19-2018 08:09 AM

Hi Peter,

 

The reason the “import route control” option is greyed out, is because you have to enable the import option under the “Route control enforcement” on the L3 Outside.(see attached screenshots)  I would also recommend trying this configuration in the lab, because once this option is enable, the only routes that would be imported to ACI are the routes defined under the L3-EPG subnets with the import control subnet flag enabled any other subnets will not be imported to ACI.

Preview file
250 KB
Preview file
103 KB

micgarc2
Cisco Employee
Cisco Employee
In response to Manuel Velasco

‎03-19-2018 09:39 AM

Just to add onto Manuel:

 

"Import-Route Control Enforcement" is disabled by default when you create an L3 out. When this box is enabled(checked off) everything is denied. As Manuel, said you have to specify the prefixes under the L3 External EPG subnets you want to permit by checking the "import route control subnet" flag on the subnet and it will cause it to be learned. Without that box checked the prefix would not be imported. If you want to deny specific inbound routes, deny rules do not work with import route-control.  Deny rules only work for export route-control. 
 
OR
 
You can create an inbound route map. This way you don't have to use the import route control flag under every ext EPG subnet you want to permit. Basically in the route map you would specify what you want to permit and everything else is implicitly denied. You would then tie this route map to the "Route Control Profile" under the external EPG subnet as an Import Route Policy.
 
*Note even with the route-map mechanism, import route control enforcement under the main L3 out panel has to be checked for this to work*
 
So, in summary there are actually two different ways you can accomplish route filtering in the import direction. 
 
Thank you for participating in the Cisco Support Forum for ACI! If you have other questions related to this post, please let us know. If this response answers your questions, please mark this post "answered" and assign a rating to the response(s) provided. This will help notify other viewers that your question(s) is answered and this helps us provide better responses for this and future questions.
 
Regards,
Michael G.
 
0 Helpful

mo.fareed
Level 1
Level 1

‎01-24-2019 09:16 PM

there is checkbox in main page of L3Out called Route Control Enforcement - Import, when u check this checkbox, now u can control importing under your external EPG.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents

Save 25% on Day-2 Operations Add-On License