Refer to the exhibit. The external subnet and internal EPG1 must communicate with each other, and the L3Out traffic must leak into the VRF named "VF1". Which configuration set accomplishes these goals?
A.
Export Route Control Subnet -
Import Route Control Subnet - Aggregate Shared Routes
B.
External Subnets for External EPG
Shared Route Control Subnet - Shared Security Import Subnet
C.
External Subnets for External EPG
Import Route Control Subnet - Shared Route Control Subnet
B IS CORRECT
https://www.cisco.com/c/en/us/td/docs/dcn/aci/apic/5x/l3-configuration/cisco-apic-layer-3-networking-configuration-guide-52x/route-and-subnet-scope-layer3-config-52x.html
Shared Security Import Subnet—
This control is the same as External Subnets for the External EPG for Shared L3Out learned routes.
If you want traffic to flow from one external EPG to another external EPG or to another internal EPG, the subnet must be marked with this control. If you do not mark the subnet with this control, then routes learned from one EPG are advertised to the other external EPG, but packets are dropped in the fabric.When using security policies that have this option configured, you must configure a contract and a security prefix.
B is correct. When route leaking in another VRF you need both Shared Route Control Subnet -
Shared Security Import Subnet. Security import subnet acts like an inbound ACL for the EPG that wants to talk to ext EPG.
upvoted 2 times
...
This section is not available anymore. Please use the main Exam Page.300-620 Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
spongebobcisco
10 months agoRododendron2
12 months agofrzzt
1 year, 1 month ago