Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1653
Views
0
Helpful
1
Replies

Cisco ACI - Pings between different EPGs allowed without Contracts?

Go to solution
Keng How Lim
Level 1
Level 1

‎06-25-2020 05:51 PM

Hi,

 

I have a ACI setup where several EPGs are in the same subnet and same bridge domain. There are no contracts between them however when one host in EPG A does a ping sweep using nmap, it is able to see other hosts in the other EPGs IP addresses. Is this normal?

 

Appreciate the help.

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Sergiu.Daniluk
VIP Alumni
VIP Alumni

‎06-25-2020 10:38 PM

Hi @Keng How Lim 

It might be possible that the nmap to "see" other endpoints based on ARP reply and no necessarily based on ICMP reply.

If you do individual pings to the observed endpoints, is it working? If not, then is just ARP which, in case the ARP flooding is enabled, ACI fabric will flood the ARP request within the BD. Workaround -> disable ARP flooding

If you do see ICMP replies, check if EPGs are in a preferred group or if the VRF is unenforced.

Stay safe,

Sergiu

View solution in original post

0 Helpful
1 Reply 1

Go to solution
Sergiu.Daniluk
VIP Alumni
VIP Alumni

‎06-25-2020 10:38 PM

Hi @Keng How Lim 

It might be possible that the nmap to "see" other endpoints based on ARP reply and no necessarily based on ICMP reply.

If you do individual pings to the observed endpoints, is it working? If not, then is just ARP which, in case the ARP flooding is enabled, ACI fabric will flood the ARP request within the BD. Workaround -> disable ARP flooding

If you do see ICMP replies, check if EPGs are in a preferred group or if the VRF is unenforced.

Stay safe,

Sergiu

0 Helpful
Customers Also Viewed These Support Documents

Save 25% on Day-2 Operations Add-On License