ACI Fabric Wide Setting
Fabric-wide settings group a number of unrelated fabric settings and policies in the same user-interface panel. The scope of each of these policies is the entire fabric.
Some of the most important global ACI settings are the following:
- Remote Endpoint Learning
- Subnet Check
- Domain Validation
- Validating Overlapping VLANs
- IP Aging
- Rogue Endpoint Control
- Endpoint Loop Protection
Remote Endpoint Learning
The Remote Endpoint Learning option is disabled by default. When this feature is enabled, the remote IP endpoint learning at the VRF instance is disabled on border leaf switches. Border leaf switches use the spine proxy exclusively.
However, border leafs may still learn remote IP endpoints from IP multicast routing packets. This exception applies only when a second-generation switch is used as the border leaf because Cisco ACI IP multicast routing is supported only starting with the second-generation switches. This feature does not disable remote MAC endpoint learning.
Subnet Check
The Subnet Check feature restricts IP address learning to the subnets configured in a VRF; the restriction applies to all VRFs. If you put a check in the box for this option, the fabric will not learn IP addresses from a subnet other than the one configured on the bridge domain.
Check the box next to Enforce Subnet Check to enable the subnet check feature, which is highly recommended.
Domain Validation
The Domain Validation feature enforces a validation check if a static path is added but no domain is associated with the EPG. The scope of this policy is fabric-wide. After configuration, the policy is pushed to each leaf switch as it comes up. Check the box next to Enforce to enable the domain validation feature, which is highly recommended.
Enforcing Domain Validation restricts EPG VLAN usage by ensuring that the respective Domain and VLAN Pool are bound to the EPG. This prevents accidental or malicious programming of EPGs to use VLAN IDs they may not be permitted to use.
Validating Overlapping VLANs
The Validating Overlapping VLANs feature is a global feature that prevents association of overlapping VLAN pools on a single EPG. If there are any overlapping pools allocated with any EPG in APIC, then this feature cannot be enabled (an error is displayed if there is an attempt to enable it). You must assign VLAN pools that are not overlapping to the EPGs before choosing this feature.
When overlapping VLAN pools exist under an EPG, the FD VNID allocated for the EPG by each switch is non-deterministic, and different switches may allocate different VNIDs. This can also cause bridging loops if a user is extending STP across switches within the EPG, because the BPDUs will be dropped between switches due to the FD VNID mismatch.
IP Aging
Enabling the IP Aging policy allows ACI to track each IP individually and age out unused IPs efficiently. Otherwise, unused IPs remain learned until the base MAC address ages out. This does not affect remote endpoints.
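The sections above on Remote Endpoint Learning, Subnet Check, Domain Validation, Validating Overlapping VLANs and IP Aging describe settings that are set by ticking boxes in the APIC GUI; an operator auditing many fabrics would rather check them programmatically. The following script is an added example, not code from this page or from Cisco. It parses the JSON shape the APIC REST API returns for a managed object (`{"imdata": [{"<class>": {"attributes": {...}}}]}`) and reports every setting that differs from the value this page recommends or that is the safer choice. The class and attribute names used (`infraSetPol` under `uni/infra/settings` with `unicastXrEpLearnDisable`, `enforceSubnetCheck`, `domainValidation`, `validateOverlappingVlans`; `epIpAgingP` under `uni/infra/ipAgingP-default` with `adminSt`) are my understanding of the APIC object model and should be verified against the APIC version in use. The two sample replies are constructed, not captured from a real fabric.

```python
"""Audit a Cisco ACI fabric-wide settings snapshot against the recommendations on this page.

Added example (not from the original page or from Cisco). It works on the JSON an APIC
returns from /api/node/mo/uni/infra/settings.json and /api/node/mo/uni/infra/ipAgingP-default.json.
The class and attribute names below are assumptions about the APIC object model; verify
them against the target APIC version before relying on the result.
"""
import json

# Constructed sample of what the two REST calls return; not captured from a real fabric.
SAMPLE_SETTINGS = json.dumps({"imdata": [{"infraSetPol": {"attributes": {
    "dn": "uni/infra/settings",
    "unicastXrEpLearnDisable": "no",   # Remote EP learning still on (the default)
    "enforceSubnetCheck": "no",        # Subnet Check off
    "domainValidation": "no",          # Domain Validation off
    "validateOverlappingVlans": "yes", # Overlapping-VLAN validation on
}}}]})

SAMPLE_IP_AGING = json.dumps({"imdata": [{"epIpAgingP": {"attributes": {
    "dn": "uni/infra/ipAgingP-default",
    "adminSt": "disabled",             # IP Aging off
}}}]})

# (class, attribute, desired value, severity, message shown when the value differs)
CHECKS = [
    ("infraSetPol", "enforceSubnetCheck", "yes", "high",
     "Subnet Check disabled: fabric may learn IPs outside bridge-domain subnets"),
    ("infraSetPol", "domainValidation", "yes", "high",
     "Domain Validation disabled: EPGs can be bound to VLANs with no matching domain/pool"),
    ("infraSetPol", "validateOverlappingVlans", "yes", "medium",
     "Overlapping-VLAN validation disabled: non-deterministic FD VNIDs possible"),
    ("infraSetPol", "unicastXrEpLearnDisable", "yes", "info",
     "Remote EP learning enabled on border leafs (default; review against the design)"),
    ("epIpAgingP", "adminSt", "enabled", "medium",
     "IP Aging disabled: unused IPs stay learned until the base MAC ages out"),
]


def _attributes(imdata_json: str, cls: str) -> dict:
    """Return the attributes of the first object of class `cls` in an APIC imdata reply."""
    data = json.loads(imdata_json)
    for mo in data.get("imdata", []):
        if cls in mo:
            return mo[cls].get("attributes", {})
    return {}


def audit_fabric_settings(settings_json: str, ip_aging_json: str) -> list:
    """Compare the fabric-wide settings with CHECKS and return one finding per mismatch.

    A missing attribute is reported as an 'error' finding rather than silently passing,
    so an object-model mismatch cannot masquerade as a compliant fabric.
    """
    objects = {
        "infraSetPol": _attributes(settings_json, "infraSetPol"),
        "epIpAgingP": _attributes(ip_aging_json, "epIpAgingP"),
    }
    findings = []
    for cls, attr, want, severity, message in CHECKS:
        got = objects[cls].get(attr)
        if got is None:
            findings.append({"class": cls, "attribute": attr, "severity": "error",
                             "message": f"{attr} not present in reply (object model mismatch?)"})
        elif got != want:
            findings.append({"class": cls, "attribute": attr, "severity": severity,
                             "got": got, "want": want, "message": message})
    return findings


if __name__ == "__main__":
    for f in audit_fabric_settings(SAMPLE_SETTINGS, SAMPLE_IP_AGING):
        print(f"[{f['severity']}] {f['class']}.{f['attribute']}: {f['message']}")
```

Against the constructed sample the script reports four findings (Subnet Check, Domain Validation, Remote Endpoint Learning and IP Aging) and stays silent on overlapping-VLAN validation, which is already enabled. To run it against a live APIC, replace the two sample strings with the bodies of the corresponding GET requests made with an authenticated session; the audit logic itself does not change.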