ACE puposefully blocks any traffic from a source MAC address of another context it owns (sometimes even other physical ACEs due to how the mac addressing is allocated.)
The only way to get around this is to route outbound traffic to the MSFC or other router, then back into the next context so that the source MAC being recieved is not the origonating context.
I will warn you from experience - You are headed for a headache attempting to get context that share the same VLANs to pass packets between eachother. It is much easier to pass traffic between context through vlans that are not known to eachother. ACE will not allow you to force-route VIP traffic to a gateway where it sees a host as L2 adjacent, which makes the return path require source-natting somewhere between the contexts.
This document will provide screenshots to outline the steps to setup
TACACS+ configuration to ACI and also the configuration required on
Cisco ACS server. Please find the official Cisco guide for configuring
TACACS+ Authentication to ACI:
Is it supported or NOT supported? It's a frequently asked question.
Before APIC, release 2.3(1f), transit routing was not supported within a
single L3Out profile. In APIC, release 2.3(1f) and later, you can
configure transit routing with a single L3Out pr...
Cisco Documents are usually accurate, but when it came to the document
on Cisco APIC Signature-Based Transactions it was slightly off the mark.
This document is for those novices to API like me who cant seem to
figure out how to go about performing signat...