Have a question here. Our ACE 4710 is set up to forward traffic to a CheckPoint Cluster VIP as default gateway. As the CheckPoint active/active cluster is using multicast mode, it basically uses a unicast IP with a multicast MAC.
As with most L3 devices, ACE doesn't like this and will not ping the cluster IP. Normally we can add a static ARP entry, but when I try adding the cluster virtual MAC in the ACE it always gives an "Error: Invalid MAC address".
I'm pretty sure it's not a typo. Any thoughts on this or other potential workaround?
You can configure a VRF instance between the ACE and the FW. This adds one hop to your routing scheme, but configuring a new SVI could open new holes in your network infrastructure, especially when you have all your devices attached to a VLAN that didn't have an SVI before and the switch has other L3 interfaces in the inside network. Then you add a static ARP entry in your virtual routing and forwarding instance's ARP table and configure routes to bypass the traffic in both directions.