Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1068
Views
0
Helpful
2
Replies

Transition from VRF Unenforced mode to enforced mode

rohandec1980
Level 1
Level 1

‎07-23-2020 12:48 AM

Hi

 

We have a VRF with 47 EPGs which has been set to "unenforced" mode by error. This has been there since beginning but it is not as per design.

 

Is there any way I can check which EPGs are actually communicating with each other so that I can configure contracts between them and avoid breaking any communication and then configuring the VRF to "enforced" mode to ensure newly created EPGs have access restrictions?

 

Regards

Rohan

Labels:
0 Helpful
2 Replies 2

Sergiu.Daniluk
VIP Alumni
VIP Alumni

‎07-23-2020 06:29 AM

One thing which comes to my mind, although it is quite a rough way to figure which EPGs are communicating using this method, is using a contract with allow all between different EPGs and set "log" in the contract filter. This way you can verify which EP communicates between them. Once you have the EP, you can find out the EPGs they belong to.

To see the EPs communicating, go to: tenants -> tenant-name -> operational -> flows -> L2/L3 permit.

 

Alternatively, you can use netflow or network insights to find out the existing flows.

 

Stay safe,

Sergiu

 

0 Helpful

rohandec1980
Level 1
Level 1
In response to Sergiu.Daniluk

‎07-26-2020 05:39 AM

Hi Sergiu

 

I believe contract logging is supported only in version 5.0. I am currently running 3.2(1m).

 

For Netflow does the switch report on traffic statistics for endpoints on the same vrf/same leaf?

 

Regards

Rohan

0 Helpful
Customers Also Viewed These Support Documents