Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1202
Views
0
Helpful
5
Replies

Cisco ACI l3out

Mohammed Athamneh
Level 1
Level 1

‎02-25-2020 06:48 AM

I'm trying to configure l3out between the ACI fabric and  firewall with static route
configured all thing that i need form the ACI and firewall.

and configure a contract between external EPG that for l3out and my EPG's, but not working

it work when unenforced the policy control for the VRF, that mean i have the problem with the contract between the external  EPG and my EPG's but i tried everything with no luck.

 

Any help, the contract configuration as below :

l3out3.JPGl3out2.JPGl3out.JPG

0 Helpful
5 Replies 5

Remi-Astruc
Cisco Employee
Cisco Employee

‎02-25-2020 02:19 PM

Hi @Mohammed Athamneh ,

You have defined your contracts under EPG, which is a specific case for intra-EPG security.

Try to create your contract under the Contracts section of the Tenant, and consume/provide with your EPGs/L3Out.

 

Remi Astruc
0 Helpful

Mohammed Athamneh
Level 1
Level 1
In response to Remi-Astruc

‎02-26-2020 01:12 AM - edited ‎02-26-2020 01:15 AM

I'm already did that but with no luck 
@Remi-Astruc 

0 Helpful

Mohammed Athamneh
Level 1
Level 1
In response to Remi-Astruc

‎02-26-2020 01:14 AM

I'm already did that but with no luck
0 Helpful

Mohammed Athamneh
Level 1
Level 1
In response to Remi-Astruc

‎02-26-2020 10:58 AM

@Remi-Astruc 
And as you see in screenshots above the intra-contract for the L4-L7 service graph and there is another contract between the EPG and external EPG which is L3out contract

please advice

0 Helpful

Remi-Astruc
Cisco Employee
Cisco Employee
In response to Mohammed Athamneh

‎02-26-2020 01:52 PM - edited ‎02-26-2020 01:53 PM

Hi @Mohammed Athamneh ,

Right, I overlooked that.

Then there may be different reasons for that and you'd need to provide more details for help (subnets in the external EPG, filters in the contract, reverse/bidirectional, what is your test traffic, are there drops in the acl logs, have you Faults, tried an ELAM, etc...)

Remi Astruc
0 Helpful
Customers Also Viewed These Support Documents

Save 25% on Day-2 Operations Add-On License