Heads Up :
The post you are writing will appear in a public forum. Please ensure all content is appropriate for public consumption. Review the employee guidelines for the community here.
I'd like to expose a subset of access policies such as VLAN pools, physical domains, AAEPs, leaf interface policy groups etc... to users linked to a security domain.
Therefore, a security domain has been created linked to a tenant and to a physical d...
Hello all,
When designing a multi-pod solution using the N9K-C9332C as spine switches, can one use the two 1/10G SFP+ ports for connectivity towards the IPN?
Regards,
Laurent
We're trying to block all SNMP, NTP and BGP access to a particular SVI. However, when using the ACL config below, only traffic through the SVI is blocked, not the traffic directly destined towards it.So SVI VLAN901 is still responding on BGP, NTP and...
We have multiple L3OUTs making using of sub-interfaces bound to one physical interface. We're currently not using these sub-interfaces and have therefore performed an admin shut of the parent interface. It turns out that the 'routed interfaces' and '...
We'd like to upgrade our ACI fabric from 4.2(6d) towards 5.2(3e). The plan is to upgrade the APIC controllers very soon, but only upgrading the leaf/spines after New Year. Is it an issue to upgrade the APIC controllers first and the leaf/spines more ...
Thanks RedNectar,
I tested the recommendations you've made and by allowing the domain "all" with the "access-admin" role, the user has read-only access over the entire ACI fabric, which is not the intention.
Then, I created a custom role with only th...
We've implemented the CoPP policy by cloning the strict policy and adding a class map with ACLs on top of this custom CoPP policy.It seems to indeed block the traffic arriving on the SVI specified in the ACL. IP access list acl_block_bgp10 permit tcp...
Thanks Flavio, But it appears that the minimum pps is '1' and not '0', which means that packets will still be allowed by CoPP. With a N7K, this is apparently possible. Any other way on how to block packets completely towards the CPU with a N9K? Thank...
