Enforce Subnet Check
--> Enforce Subnet Check is a fabric-wide policy that supersedes the "Limit IP Learning To Subnet" option.
--> This feature is only available in "Second Generation Switches".
--> This feature is disabled by default.
--> This feature is applied at the VRF level.
--> Once you implement the "Enforce Subnet Check" feature, there is no need to enable or disable the "Limit IP Learning To Subnet" feature.
--> Whenever ACI tries to learn an endpoint's IP and MAC address from the data plane (IP traffic), the leaf switch checks whether the endpoint IP belongs to any of the configured bridge domain subnets.
--> If the endpoint IP address does not belong to any of the configured bridge domain subnets, endpoint learning (IP and MAC) does not happen.
--> "Limit IP Learning To Subnet" only prevents learning of the IP address, whereas "Enforce Subnet Check" prevents learning of both the IP and MAC addresses.
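A simplified model of the learning decision described above, added here as an illustration (it is not code from the original post or from Cisco). The VRF name, bridge domain names and subnets are constructed sample data; the model assumes "Limit IP Learning To Subnet" compares against the ingress bridge domain's own subnets and that Enforce Subnet Check compares against every bridge domain subnet in the VRF.

```python
import ipaddress

# Constructed sample data: bridge domain (BD) subnets grouped by VRF.
VRF_BD_SUBNETS = {
    "vrf-prod": {"bd-web": ["10.1.1.0/24"], "bd-db": ["10.1.2.0/24"]},
}

def _in_subnets(ip, subnets):
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(s) for s in subnets)

def learn_endpoint(vrf, bd, src_ip, enforce_subnet_check=False,
                   limit_ip_learning=False):
    """Model what a leaf learns from one data-plane IP packet.

    Returns (mac_learned, ip_learned).
    """
    bds = VRF_BD_SUBNETS[vrf]
    if enforce_subnet_check:
        # Supersedes the per-BD option. Assumption: the source IP is checked
        # against every BD subnet in the VRF; a miss blocks MAC and IP alike.
        all_subnets = [s for subnets in bds.values() for s in subnets]
        ok = _in_subnets(src_ip, all_subnets)
        return (ok, ok)
    if limit_ip_learning:
        # Assumption: checked against the ingress BD's own subnets only.
        # The MAC is still learned; only the IP is withheld on a miss.
        return (True, _in_subnets(src_ip, bds[bd]))
    # Neither feature enabled: both addresses are learned from the data plane.
    return (True, True)

def compare(vrf, bd, src_ip):
    """Run the same packet through all three configurations."""
    return {
        "default": learn_endpoint(vrf, bd, src_ip),
        "limit_ip_learning": learn_endpoint(vrf, bd, src_ip,
                                            limit_ip_learning=True),
        "enforce_subnet_check": learn_endpoint(vrf, bd, src_ip,
                                               enforce_subnet_check=True),
    }

if __name__ == "__main__":
    # Packets arriving on bd-web: in-subnet, other BD's subnet, unknown subnet.
    for ip in ("10.1.1.20", "10.1.2.5", "192.168.50.10"):
        print(ip, compare("vrf-prod", "bd-web", ip))
```

The 192.168.50.10 case is the one that matters for endpoint table hygiene: with only "Limit IP Learning To Subnet" the MAC still lands in the table, while Enforce Subnet Check learns nothing from that packet.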
Reference:
https://www.cisco.com/c/en/us/solutions/collateral/data-center-virtualization/application-centric-infrastructure/white-paper-c11-739989.html#Fabriclevelconfigurationoptions