We are using NQL's to allow only certain addresses to ssh ftp to the css, which all works fine, however, if we ssh or telnet to the css from an ip address that is not allowed we gain a connection but do not get any prompt back, so we cannot actually do anything we are slightly concerned about this being a security risk, is this normal behaviour ? We have restrict telnet on but we seem to get a connection.
Topology & Design:
Two ACI fabrics
Stretching VLANs using OTV
Both fabrics are advertising BD subnets into same routing domain
Some BDs(or say VLANs) are stretched, but some are not.
Endpoints can move betwee...
VMware Trunk Port Group is supported from ACI version 2.1
VMM integration must be configured properly
ASA device package must be uploaded to APIC
ASAv version must be compatible with ACI and device package version
Topology &Design:Traffic flow within same fabric:Endpoint moves to Fabric-2Bounce Entry Times OutTraffic Black-holedSummarySolutionAppendix:
In the Previous articles of ACI Automation, we are using Postman/Newman a...