Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1353
Views
5
Helpful
3
Replies

Cisco EPG Isolation and L3-Out External EPG Configurations Within a Preferred Groups Environment

Go to solution
zachartl
Level 1
Level 1

‎05-08-2021 09:30 AM

Hello,

We're using a Network Centric ACI Fabric VLANs = BD-EPG (1:1)

Most EPGs are members of the Preferred Groups

We're single Tenant and Single VRF fabric. Policy Enforcement is set to enabled. Policy enforcement direction is set to Ingress. The default. We're using a single primary L3-Out with one External EPG set for these Subnets - 0.0.0.0/1 and 128.0.0.0/1 (external subnets for the EPG). This EPG is a Preferred Groups Member.

Recently, we've been asked to isolate two EPGs within the fabric and so we've taken those two EPGs, having set them to be excluded from the Preferred Groups. Would it be possible to create a Second External EPG, configured as a Preferred Groups Member, using a more precise subnet 10.0.0.0/8 (external subnets for the EPG) without affecting the data plane traffic managed by the Primary External EPG? We would of course be equipping the Second External EPG with a consumed contract, the isolated EPGs being the contract provider/s. Please note, the 10.0.0.0/8 subnet covers most of our internal networks outside and within the ACI fabric. The point of this query, regards fabric external data plane traffic. Avoiding the disruption of that traffic already in place.

Thank you,

Terry

Labels:
2 Accepted Solutions

Accepted Solutions

Go to solution
Sergiu.Daniluk
VIP Alumni
VIP Alumni

‎05-08-2021 09:57 PM

As long as you configure everything (contracts, preferred group) before configuring the eepg subnet, yes, you should be fine.

 

Stay safe,

Sergiu

View solution in original post

0 Helpful

Go to solution
zachartl
Level 1
Level 1
In response to Sergiu.Daniluk

‎05-09-2021 06:40 AM

Hi Sergiu,

 

I will begin the configuration then for the new provisions. Thank you for having helped us with this issue.

 

Warmest Regards,

Terry

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Sergiu.Daniluk
VIP Alumni
VIP Alumni

‎05-08-2021 09:57 PM

As long as you configure everything (contracts, preferred group) before configuring the eepg subnet, yes, you should be fine.

 

Stay safe,

Sergiu

0 Helpful

Go to solution
zachartl
Level 1
Level 1
In response to Sergiu.Daniluk

‎05-09-2021 06:40 AM

Hi Sergiu,

 

I will begin the configuration then for the new provisions. Thank you for having helped us with this issue.

 

Warmest Regards,

Terry

0 Helpful

Go to solution
zachartl
Level 1
Level 1
In response to Sergiu.Daniluk

‎05-10-2021 04:15 AM

Hello Sergiu,

 

I inadvertently, somehow, made my post the Solution to the L3-Out challenge I was facing. Please know that was never the intent as You provided the Solution. Again, Thank You Greatly and I apologize for my apparent inability to operate this interface.

 

Warmest Regards,

Terry

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents

Save 25% on Day-2 Operations Add-On License