ACI MicroSegmentation

Mukesh Chanderia
Jul 20, 2024
1 min read

Application Profile --> EPG --> Intra EGP Isolation --> It's Unenforced (default) --> Change it to enforced and EndPoint within EGP will stop communication.

Now you may want to apply EndPoint Isolation on particular EGP then need to use Specific Domain

Go to Access Policies --> Domain

And allow Micro Segmentation

Now create uSeg EGP under application profile

Create uSeg Attributes

We need to define the rule for our USeg, in this particular case we are going to be using name as the VM attribute.

Recent Posts

See All

In-Band Management Configuration in ACI

High-Level Objective The goal is to enable APICs, leaf switches, and spine switches to: Use in-band management IP addresses Carry management traffic over the ACI fabric data plane Reach external

Understanding “Output Errors” and “Stomped CRC” on Cisco ACI Leaf–Spine Links

Introduction One of the most misunderstood interface statistics in Cisco ACI and Nexus-based fabrics is the presence of “output errors” on leaf–spine links, often accompanied by “stomped CRC” or inp

Debounce Timer in Cisco ACI

Understanding Interface Flapping and the Debounce Timer in Cisco ACI Interface flapping on Cisco ACI leaf switches is one of the most commonly misunderstood issues in environments connected to WAN, DW

Comments