An engineer must configure a Layer 3 connection to the WAN router. The hosts in production VRF must access WAN subnets. The engineer associates EPGs in the production VRF with the external routed domain. Which action completes the task?
A.
Configure the Export Route Control Subnet scope for the external EPG.
B.
Configure the External Subnets for the External EPG scope for the external EPG.
C.
Configure the Import Route Control Subnet scope for the external EPG.
D.
Configure the Shared Route Control Subnet scope for the external EPG.
External Subnets for the External EPG (also called Security Import Subnet)—This option does not control the movement of routing information into or out of the fabric. If you want traffic to flow from one external EPG to another external EPG or to an internal EPG, the subnet must be marked with this control.
Shared Route Control Subnet—Subnets that are learned from shared L3Outs in inter-VRF leaking must be marked with this control before being advertised to other VRFs.
Shared Security Import Subnet—This control is the same as External Subnets for the External EPG for Shared L3Out learned routes. If you want traffic to flow from one external EPG to another external EPG or to another internal EPG
https://www.cisco.com/c/en/us/td/docs/dcn/aci/apic/5x/l3-configuration/cisco-apic-layer-3-networking-configuration-guide-52x/route-and-subnet-scope-layer3-config-52x.html
External Subnets for the External EPG (also called Security Import Subnet) - This option does not control the movement of routing information into or out of the fabric. If you want traffic to flow from one external EPG to another external EPG or to an internal EPG, the subnet must be marked with this control. If you do not mark the subnet with this control, then routes learned from one EPG are advertised to the other external EPG, but packets are dropped in the fabric. The drops occur because the APIC operates in a allowed list model where the default behavior is to drop all data plane traffic between EPGs, unless it is explicitly permitted by a contract. The allowed list model applies to external EPGs and application EPGs. When using security policies that have this option configured, you must configure a contract and a security prefix.
This is by default turned on for any new prefix that you put in the External EPG. This knob is very simple. Think of it as an access list for that external destination.
B ) But this is enabled by default , so no action needed
https://unofficialaciguide.com/2019/11/08/understanding-scope-of-prefixes-in-l3-out-external-epg-in-aci/
This section is not available anymore. Please use the main Exam Page.300-620 Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
sailorsoul
9 months, 4 weeks agoMr_Certifiable
1 year, 3 months agothinqtanklearningDOTcom
1 year, 5 months agoRododendron2
1 year, 6 months ago7korn7
1 year, 7 months agofrzzt
1 year, 8 months ago