This document provides a sample ACL (access control list) configuration, for GSS appliance, to allow inter-GSS communication within a cluster.
The packet filtering tools on the GSS instruct each device to permit or refuse specific packets based on a combination of criteria.Access lists are collections of filtering rules that you create using the access-list CLI command. The GSS examines each packet to determine whether to forward or drop the packet based on the criteria specified within the access lists. When the GSS decides whether to forward or block a packet, it tests the packet against each criteria statement in the order that the statements were created. After a match is found, the GSS does not check any additional criteria statements.
GSS appliances in a cluster use following TCP ports for Inter-GSS communication:
200, 2001-2005 and 3002-3008.
Each GSS appliance in a cluster can be configured with an ACL that would allow only these appliances to communicate with each other by blocking rest of the traffic on an inside ethernet interface of an appliance.
Consider an example where there are two GSS appliances in a cluster. Both appliances communicate with each other over ethernet interface eth0.
Primary GSSM eth0 interface is configured with IP address 10.10.10.1.
Standby GSSM eth0 interface is configured with IP address 10.10.10.2.
Given that, you can configure following access control lists (ACLs) to allow Inter-GSS communication over ethernet interface eth0.
Note: Additional entries can be added to these ACLs to accommodate some other type of traffic such as telnet or SSH access to GSS.
Primary GSSM (IP address for interface eth0 10.10.10.1) :
Hi,I've downloaded the "dist-generics-18.104.22.168.tar.gz" packet for Kubernetes integration with Ubuntu 18.04 from Cisco.com and, after decompressing the .tar, I don't see any .deb file to install and then run the provissioning tool. What's the procedure...
Hi,1) is there any tool available to generate xml scripts for ACI configuration (tenant, BD, EPG, etc.) ?intention is to post the xml scripts at appropriate location for ACI configuration. 2) when i right click and "save as" the xml script that is do...
Hi, I am working on my first python scripts in aci through the cobra libraries.I have made some scripts with arya, and have now created some scripts to create ports en policies for our new servers.I am looking for an example to loop through several o...
Hi guys Im currently studying EVPN. I've been working on a topology but I'vent been able to make it work. The lab was to configure EVPN between 2 nexus switches. In the original lab it was used ingress-replication. However, that options does not seem...
Data Center NetworkingHi, I work in a dc environment and have the typical 7k/5k/2k setup. I have noticed we have quite a large amount of traffic traversing our VPC peer link on the 7ks I thought the VPC peer link was only used for control plane ...