Creating a "match all" contract in Cisco ACI means defining a contract that allows all traffic types (all protocols, all ports) between EPGs (Endpoint Groups). This is often used in lab environments or for initial testing, but should be used with caution in production due to its permissiveness.
🔧 Steps to Create a Match-All Contract in Cisco ACI (via GUI):
- Log in to the APIC GUI.
- Navigate to:
  - Tenants > [Your Tenant] > Contracts
- Right-click on Contracts > Create Contract.
  - Name: e.g., match_all_contract
  - Scope: Tenant (or as per your requirement)
  - Click Next.
- Add a Subject:
  - Name: e.g., match_all_subject
  - Filter: Click + to add a filter.
- Create a New Filter:
  - Name: e.g., match_all_filter
  - Click + to add a filter entry.
- Add Filter Entry:
  - Entry Name: e.g., allow_all
  - EtherType: ip
  - Protocol: unspecified
  - Source Port: unspecified
  - Destination Port: unspecified
  - Apply Both Directions: ✅ (checked)
  - Click OK, then Finish.
- Associate the Contract:
  - Go to the EPG that should provide the contract.
  - Under Provided Contracts, add match_all_contract.
  - Go to the EPG that should consume the contract.
  - Under Consumed Contracts, add match_all_contract.