The Meaning and Usage of Cisco ACI Contracts, Part 1

http://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Data_Center/VMDC/ACI/1-0/IG/ACI.pdf

http://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Data_Center/VMDC/ACI/1-0/IG/ACI/ACI1.html


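A Contract is an important concept in Cisco ACI, somewhat similar to a traditional ACL. It controls whether IP traffic between EPGs is permitted or blocked. However, some protocols are not subject to Contract control. For example: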

http://www.cisco.com/c/en/us/td/docs/switches/datacenter/aci/apic/sw/1-x/release/notes/aci_nxos_rn_1102.html
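As explained in the release notes linked above, these are the management protocols, routing protocols, NTP and so on that are used on the network.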

The current list of protocols that are allowed (and cannot be blocked through contracts) include the following. Some of the protocols have SrcPort/DstPort distinction.

– UDP DestPort 161: SNMP. These cannot be blocked through contracts. Creating an SNMP ClientGroup with a list of Client-IP Addresses restricts SNMP access to only those configured Client-IP Addresses. If no Client-IP address is configured, SNMP packets are allowed from anywhere.

– TCP SrcPort 179: BGP
– TCP DstPort 179: BGP
– OSPF
– UDP DstPort 67: BOOTP/DHCP
– UDP DstPort 68: BOOTP/DHCP
– IGMP
– PIM
– UDP SrcPort 53: DNS replies
– TCP SrcPort 25: SMTP replies
– TCP DstPort 443: HTTPS
– UDP SrcPort 123: NTP
– UDP DstPort 123: NTP
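
The following is an added example, not part of the original post or of Cisco's documentation: it transcribes the list above into match rules and splits flow records into those that contracts cannot block and those that contracts govern, which makes the SrcPort/DstPort distinction concrete. The `Flow` record, the function names and the sample flows are assumptions constructed for illustration.

```python
from typing import NamedTuple, Optional

class Flow(NamedTuple):
    proto: str            # "tcp", "udp", "ospf", "igmp", "pim"
    sport: Optional[int]  # None for protocols without ports
    dport: Optional[int]

# (protocol, source port, destination port, label); None means "any".
# Transcribed from the list above, keeping the SrcPort/DstPort distinction.
ALWAYS_ALLOWED = [
    ("udp", None, 161, "SNMP"),
    ("tcp", 179, None, "BGP"),
    ("tcp", None, 179, "BGP"),
    ("ospf", None, None, "OSPF"),
    ("udp", None, 67, "BOOTP/DHCP"),
    ("udp", None, 68, "BOOTP/DHCP"),
    ("igmp", None, None, "IGMP"),
    ("pim", None, None, "PIM"),
    ("udp", 53, None, "DNS replies"),
    ("tcp", 25, None, "SMTP replies"),
    ("tcp", None, 443, "HTTPS"),
    ("udp", 123, None, "NTP"),
    ("udp", None, 123, "NTP"),
]

def bypass_reason(flow: Flow) -> Optional[str]:
    """Return the list entry a flow matches, or None if contracts govern it."""
    for proto, sport, dport, label in ALWAYS_ALLOWED:
        if flow.proto.lower() != proto:
            continue
        if sport is not None and flow.sport != sport:
            continue
        if dport is not None and flow.dport != dport:
            continue
        return label
    return None

def audit(flows):
    """Split flows into (outside contract control, governed by contracts)."""
    outside, governed = [], []
    for f in flows:
        reason = bypass_reason(f)
        (outside if reason else governed).append((f, reason))
    return outside, governed

# Constructed sample flows: a DNS reply, a DNS query, HTTPS, SSH and OSPF.
SAMPLE = [Flow("udp", 53, 40000), Flow("udp", 40000, 53),
          Flow("tcp", 50000, 443), Flow("tcp", 50000, 22), Flow("ospf", None, None)]
```

With the sample input, the DNS reply (UDP source port 53), HTTPS and OSPF flows fall outside contract control, while the DNS query (UDP destination port 53) and SSH flows remain subject to contracts.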
