An engineer implements an ACI fabric and must implement microsegmentation of endpoints within the same IP subnet using a network-based attribute. The attribute mapping must allow IP subnet independence. Which attribute must be selected?
To achieve microsegmentation of endpoints within the same IP subnet while maintaining IP subnet independence, you must use the MAC address attribute. This is because IP-based microsegmentation primarily supports scenarios where Layer 3 routing is required, and cannot be enforced when traffic is bridged within the same subnet. Therefore, the MAC address attribute is necessary to classify and segment endpoints within the same subnet effectively.
D is correct
Correct Answer - A
"If you want to use a network-based attribute and classify IP addresses in the same subnet, you must use the MAC-based network attribute. IP-based microsegmented EPGs do not support classification for IP addresses in the same subnet. IP-based microsegmented EPGs are supported only when traffic requires Layer 3 routing. If the traffic is bridged, the microsegmentation policy cannot be enforced." Source: https://www.cisco.com/c/en/us/td/docs/switches/datacenter/aci/apic/sw/3-x/virtualization/b_ACI_Virtualization_Guide_3_1_1/b_ACI_Virtualization_Guide_3_1_1_chapter_0100.html
Network-Based Attributes: The network-based attributes are IP (IP address filter) and MAC (MAC Address Filter). You can apply one or more MAC or IP addresses to a uSeg EPG. For IP addresses, you simply specify the address or the subnet; for MAC addresses, you simply specify the address.
D is correct
D is correct
Since 5.2 it is possible to use IP- and MAC-based. Not sure which version is related to the exam.
subnet independence - not using IP address