07-23-2020 12:48 AM
Hi
We have a VRF with 47 EPGs which has been set to "unenforced" mode in error. It has been this way since the beginning, but it is not as per design.
Is there any way I can check which EPGs are actually communicating with each other so that I can configure contracts between them and avoid breaking any communication and then configuring the VRF to "enforced" mode to ensure newly created EPGs have access restrictions?
Regards
Rohan
07-23-2020 06:29 AM
One thing which comes to my mind, although it is quite a rough way to figure out which EPGs are communicating, is using a contract with allow all between different EPGs and setting "log" in the contract filter. This way you can verify which EPs communicate between them. Once you have the EPs, you can find out the EPGs they belong to.
To see the EPs communicating, go to: tenants -> tenant-name -> operational -> flows -> L2/L3 permit.
Alternatively, you can use NetFlow or Network Insights to find out the existing flows.
Stay safe,
Sergiu
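Added example, not part of the original posts and not Cisco code: one way to turn collected flows (from permit logs or NetFlow) plus an endpoint-to-EPG inventory into the list of EPG pairs and services that would need contracts before the VRF is switched to "enforced". The CSV layout, the EPG names and the function name `contract_candidates` are assumptions made for illustration, and the sample data is constructed.

```python
import csv
import io
from collections import defaultdict

# Constructed endpoint inventory (IP -> EPG); the EPG names are hypothetical.
ENDPOINT_EPG = {
    "10.1.1.10": "web",
    "10.1.1.11": "web",
    "10.1.2.20": "app",
    "10.1.3.30": "db",
}

# Constructed flow records, one per connection with the initiator as src_ip.
# This CSV layout is an assumption, not an ACI or NetFlow export format.
FLOWS_CSV = """src_ip,dst_ip,proto,dst_port
10.1.1.10,10.1.2.20,tcp,8443
10.1.1.11,10.1.2.20,tcp,8443
10.1.2.20,10.1.3.30,tcp,5432
10.1.1.10,10.1.1.11,tcp,22
10.1.2.20,192.0.2.50,udp,53
"""


def contract_candidates(flows_csv, endpoint_epg):
    """Group flows into {(consumer_epg, provider_epg): {(proto, port)}}.

    Also returns the sorted IPs that are in no known EPG; flows touching
    them must be reviewed by hand before the VRF is set to enforced.
    """
    pairs = defaultdict(set)
    unmapped = set()
    for row in csv.DictReader(io.StringIO(flows_csv)):
        src = endpoint_epg.get(row["src_ip"])
        dst = endpoint_epg.get(row["dst_ip"])
        if src is None or dst is None:
            unmapped.update(ip for ip, epg in
                            ((row["src_ip"], src), (row["dst_ip"], dst))
                            if epg is None)
            continue
        if src == dst:
            continue  # intra-EPG traffic is permitted by default, no contract
        pairs[(src, dst)].add((row["proto"], int(row["dst_port"])))
    return dict(pairs), sorted(unmapped)


if __name__ == "__main__":
    needed, unknown = contract_candidates(FLOWS_CSV, ENDPOINT_EPG)
    for (consumer, provider), services in sorted(needed.items()):
        print(f"{consumer} -> {provider}: {sorted(services)}")
    print("unmapped endpoints:", unknown)
```

The unmapped list matters as much as the pairs: any flow to an address outside the inventory would be dropped after enforcement unless it is covered separately.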
07-26-2020 05:39 AM
Hi Sergiu
I believe contract logging is supported only in version 5.0. I am currently running 3.2(1m).
For NetFlow, does the switch report on traffic statistics for endpoints on the same VRF/same leaf?
Regards
Rohan