ACI behaves as a zero-trust environment when policy enforcement is set to Enforced. When you create an EPG, set the Intra-EPG Isolation option to "Enforced", and use contracts to allow traffic between EPGs.
L3Out configuration defines how the ACI fabric connects to external L3 networks, using static routing or dynamic routing protocols. A VLAN pool is required to provide the external encapsulation.
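As an added example (not part of the original notes), the following Python builds the objects the two notes above describe as an APIC-style JSON payload: an enforced VRF, an EPG with intra-EPG isolation enforced, a contract, a static VLAN pool bound to an L3 domain, and a static-routed L3Out whose sub-interface encapsulation must come from that pool. It then audits the payload for VRFs or EPGs left unenforced and checks that every L3Out encap falls inside the pool. Class and attribute names (fvTenant, fvCtx, fvAEPg, l3extOut, fvnsVlanInstP and so on) follow the ACI management information model as I know it and should be verified against your APIC version; tenant, VRF, EPG, node, interface names, VLAN 100 and the 192.0.2.x / 10.255.255.1 addresses are constructed placeholders, and bridge-domain, AEP and the actual POST to the APIC are left out.

```python
"""Build and audit an APIC-style tenant payload (added example; names and addresses are constructed)."""
import json

ENFORCED = "enforced"


def mo(cls, attrs, children=()):
    """Wrap one managed object in the {"class": {"attributes": {...}, "children": [...]}} shape APIC uses."""
    body = {"attributes": dict(attrs)}
    if children:
        body["children"] = list(children)
    return {cls: body}


def vlan_pool_and_l3_domain(pool="L3OUT-POOL", domain="L3OUT-DOM", vlan_from=100, vlan_to=199):
    """Static VLAN pool plus the external routed (L3) domain that references it (placeholder names)."""
    pool_mo = mo("fvnsVlanInstP", {"name": pool, "allocMode": "static"}, [
        mo("fvnsEncapBlk", {"from": f"vlan-{vlan_from}", "to": f"vlan-{vlan_to}", "allocMode": "static"}),
    ])
    dom_mo = mo("l3extDomP", {"name": domain}, [
        mo("infraRsVlanNs", {"tDn": f"uni/infra/vlanns-[{pool}]-static"}),
    ])
    return pool_mo, dom_mo


def contract(name, filt="default"):
    """Contract with one subject that permits the named filter; scope 'context' keeps it inside the VRF."""
    return mo("vzBrCP", {"name": name, "scope": "context"}, [
        mo("vzSubj", {"name": "subj"}, [mo("vzRsSubjFiltAtt", {"tnVzFilterName": filt})]),
    ])


def l3out(name, vrf, domain, node=101, iface="eth1/1", encap_vlan=100,
          addr="192.0.2.1/30", next_hop="192.0.2.2"):
    """Static-routed L3Out: node profile with router-id and default route, VLAN sub-interface, external EPG."""
    return mo("l3extOut", {"name": name, "enforceRtctrl": "export"}, [
        mo("l3extRsEctx", {"tnFvCtxName": vrf}),
        mo("l3extRsL3DomAtt", {"tDn": f"uni/l3dom-{domain}"}),
        mo("l3extLNodeP", {"name": "nodes"}, [
            mo("l3extRsNodeL3OutAtt",
               {"tDn": f"topology/pod-1/node-{node}", "rtrId": "10.255.255.1", "rtrIdLoopBack": "no"},
               [mo("ipRouteP", {"ip": "0.0.0.0/0"}, [mo("ipNexthopP", {"nhAddr": next_hop})])]),
            mo("l3extLIfP", {"name": "ifaces"}, [
                mo("l3extRsPathL3OutAtt", {
                    "tDn": f"topology/pod-1/paths-{node}/pathep-[{iface}]",
                    "ifInstT": "sub-interface", "encap": f"vlan-{encap_vlan}", "addr": addr,
                }),
            ]),
        ]),
        # External EPG: classifies outside prefixes and consumes the contract the internal EPG provides.
        mo("l3extInstP", {"name": "EXT-EPG"}, [
            mo("l3extSubnet", {"ip": "0.0.0.0/0", "scope": "import-security"}),
            mo("fvRsCons", {"tnVzBrCPName": "WEB-TO-OUTSIDE"}),
        ]),
    ])


def tenant(name="DEMO-TN"):
    """Tenant with an enforced VRF, an EPG with intra-EPG isolation enforced, the contract, and the L3Out."""
    return mo("fvTenant", {"name": name}, [
        mo("fvCtx", {"name": "PROD-VRF", "pcEnfPref": ENFORCED}),
        contract("WEB-TO-OUTSIDE"),
        mo("fvAp", {"name": "APP"}, [
            mo("fvAEPg", {"name": "WEB", "pcEnfPref": ENFORCED}, [
                mo("fvRsProv", {"tnVzBrCPName": "WEB-TO-OUTSIDE"}),
            ]),
        ]),
        l3out("OUTSIDE", "PROD-VRF", "L3OUT-DOM"),
    ])


def _walk(root):
    """Yield (class, body) for every managed object in the payload tree."""
    stack = [root]
    while stack:
        for cls, body in stack.pop().items():
            yield cls, body
            stack.extend(body.get("children", []))


def find_unenforced(root):
    """Names of VRFs and EPGs whose policy enforcement is not 'enforced' (the zero-trust audit)."""
    return sorted(f"{cls}:{body['attributes'].get('name')}" for cls, body in _walk(root)
                  if cls in ("fvCtx", "fvAEPg") and body["attributes"].get("pcEnfPref") != ENFORCED)


def l3out_encaps(root):
    """VLAN encapsulations used by L3Out interface paths."""
    return [body["attributes"]["encap"] for cls, body in _walk(root) if cls == "l3extRsPathL3OutAtt"]


def encap_in_pool(encap, pool_mo):
    """True if 'vlan-N' lies inside one of the pool's encap blocks."""
    n = int(encap.split("-")[1])
    for blk in pool_mo["fvnsVlanInstP"].get("children", []):
        a = blk["fvnsEncapBlk"]["attributes"]
        if int(a["from"].split("-")[1]) <= n <= int(a["to"].split("-")[1]):
            return True
    return False


if __name__ == "__main__":
    pool, _dom = vlan_pool_and_l3_domain()
    print(json.dumps(tenant(), indent=2))
    print("unenforced:", find_unenforced(tenant()))
    print("encaps in pool:", [(e, encap_in_pool(e, pool)) for e in l3out_encaps(tenant())])
```

The audit functions are the part worth keeping around: run find_unenforced over a tenant export to spot VRFs or EPGs where enforcement was relaxed, and encap_in_pool against the pool to catch an L3Out encap that the external domain's VLAN pool does not actually cover.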