You can configure network properties on a tenant EPG network.
network-property-add,
network-property-delete, and network-property-update
to add, delete, and update the network-property (NP) of an EPG networks. For
example, If an EPG does not have the NP MAC ACL applied and if you want to apply NP
MAC ACL on the EPG networks, then use the network-property-add or
network-property-update operation.
Note
The network property configuration on Tenant EPG is supported only for PP ACL.efa tenant epg update --name <epg-name> --tenant <tenant-name> --operation network-property-add --switchport-native-vlan <2-4090> --l2-vni <ctag:l2-vni> --ip-mtu <ctag:ip-mtu> --anycast-ip <ctag:anycast-ip> --anycast-ipv6 <ctag:anycast-ipv6 --bridge-domain <ctag:bridge-domain> --ctag-description <ctag:vlandescription> --local-ip <ctag,device-ip:local-ip> --local-ipv6 <ctag,device-ip:local-ipv6> --ipv6-nd-mtu <ctag:mtu> --ipv6-nd-managed-config <ctag:ipv6-nd-managed-config> --ipv6-nd-other-config <ctag:ipv6-nd-other-config> --ipv6-nd-prefix <ctag:prefix1,prefix2 --ipv6-nd-prefix-valid-lifetime <ctag,prefix:validTime> --ipv6-nd-prefix-preferred-lifetime <ctag,prefix:preferredTime> --ipv6-nd-prefix-no-advertise <ctag,prefix:noadvertiseflag> --ipv6-nd-prefix-config-type <ctag,prefix:configType> --suppress-arp <ctag:suppress-arp> --suppress-nd <ctag:suppress-nd> --np-mac-acl-in <ctag:acl-name> --np-mac-acl-out <ctag:acl-name> --np-ip-acl-in <ctag:acl-name> --np-ip-acl-out <ctag:acl-name> --np-ipv6-acl-in <ctag:acl-name>
Example
efa tenant epg update --tenant t1 --name epg2 --operation network-property-add
--np-mac-acl-in 360:ext-mac-permit-any-mirror-acl --np-ip-acl-in 360:ext-ip-permit-any-mirror-acl
efa tenant epg show --detail
=====================================================================
Name : epg2
Tenant : t1
Type : extension
State : epg-with-port-group-and-ctag-range
Description :
Ports : 10.20.246.15[0/35]
POs :
Port Property : SwitchPort Mode : trunk
: Native Vlan Tagging : false
: Single-Homed BFD Session Type : auto
NW Policy : Ctag Range : 360
: VRF : VRF11
: L3Vni : 15191
+------------+-------------+-----------+------------+-------------+
| MAC ACL IN | MAC ACL OUT | IP ACL IN | IP ACL OUT | IPv6 ACL IN |
+------------+-------------+-----------+------------+-------------+
Port Property ACLs
+--------------------+-------------+-------------+
| Port | Dev State | App State |
+--------------------+-------------+-------------+
| 10.20.246.15[0/35] | provisioned | cfg-in-sync |
+--------------------+-------------+-------------+
Port Property States
+-----+--------------+------+-----+------------+-------+--------+------------+------+--------+---------------+-------------+-----------+-----------+
|Ctag | Ctag |L2Vni |BD |Anycast |Anycast|Suppress| Local IP |IP MTU| IPv6 ND| IPv6 ND | IPv6 ND |Dev State |App State |
| | Description | |Name |IPv4 |IPv6 | ARP/ND |[Device-IP->| | MTU |Managed Config |Other Config | | |
| | | | | | | |Local-IP] | | | | | | |
+-----+--------------+------+-----+------------+-------+--------+-------------------+--------+---------------+-------------+-----------+-----------+
|360 |Tenant L3 |11003 | |36.1.1.1/24 | | T/F | | | | false | false |provisioned|cfg-in-sync|
| |Extended VLAN | | | | | | | | | | | | |
+-----+--------------+------+-----+------------+-------+--------+------------+------+--------+---------------+-------------+-----------+-----------+
Network Property [Flags : * - Native Vlan]
+------+----------------+--------------+----------------+--------------------+-------------+
| Ctag | IPv6 ND Prefix | No Advertise | Valid Lifetime | Preferred Lifetime | Config Type |
+------+----------------+--------------+----------------+--------------------+-------------+
IPv6 ND Prefix Flags
+-----+-----------------------------+--------+----------------------------+--------+-------+
| Ctag| MAC ACL IN |MAC | IP ACL IN |IP | IPv6 |
| | |ACL OUT | |ACL OUT | ACL IN|
+-----+-----------------------------+--------+----------------------------+--------+-------+
| 360 |ext-mac-permit-any-mirror-acl| |ext-ip-permit-any-mirror-acl| | |
+-----+-----------------------------+--------+----------------------------+--------+-------+
Network Property ACLs
Rack1Device1# show run vlan 360 vlan 360 router-interface Ve 360 suppress-arp mac access-group ext-mac-permit-any-mirror-acl in description Tenant L3 Extended VLAN ! Rack1Device1# show run int ve 360 interface Ve 360 vrf forwarding VRF11 ip access-group ext-ip-permit-any-mirror-acl in ip anycast-address 36.1.1.1/24 no shutdown ! |
Rack1Device1# show run vlan 360 vlan 360 router-interface Ve 360 suppress-arp mac access-group ext-mac-permit-any-mirror-acl in description Tenant L3 Extended VLAN ! Rack1Device2# show run int ve 360 interface Ve 360 vrf forwarding VRF11 ip access-group ext-ip-permit-any-mirror-acl in ip anycast-address 36.1.1.1/24 no shutdown ! |
efa tenant epg update --name <epg-name> --tenant <tenant-name> --operation network-property-delete --switchport-native-vlan <2-4090> --l2-vni <ctag:l2-vni> --ip-mtu <ctag:ip-mtu> --anycast-ip <ctag:anycast-ip> --anycast-ipv6 <ctag:anycast-ipv6 --bridge-domain <ctag:bridge-domain> --ctag-description <ctag:vlandescription> --local-ip <ctag,device-ip:local-ip> --local-ipv6 <ctag,device-ip:local-ipv6> --ipv6-nd-mtu <ctag:mtu> --ipv6-nd-managed-config <ctag:ipv6-nd-managed-config> --ipv6-nd-other-config <ctag:ipv6-nd-other-config> --ipv6-nd-prefix <ctag:prefix1,prefix2 --ipv6-nd-prefix-valid-lifetime <ctag,prefix:validTime> --ipv6-nd-prefix-preferred-lifetime <ctag,prefix:preferredTime> --ipv6-nd-prefix-no-advertise <ctag,prefix:noadvertiseflag> --ipv6-nd-prefix-config-type <ctag,prefix:configType> --suppress-arp <ctag:suppress-arp> --suppress-nd <ctag:suppress-nd> --np-mac-acl-in <ctag:acl-name> --np-mac-acl-out <ctag:acl-name> --np-ip-acl-in <ctag:acl-name> --np-ip-acl-out <ctag:acl-name> --np-ipv6-acl-in <ctag:acl-name>
Example
efa tenant epg update --tenant t1 --name epg2 --operation network-property-delete
--np-mac-acl-in 360:ext-mac-permit-any-mirror-acl --np-ip-acl-in 360:ext-ip-permit-any-mirror-acl
efa tenant epg show --detail
====================================================================
Name : epg2
Tenant : t1
Type : extension
State : epg-with-port-group-and-ctag-range
Description :
Ports : 10.20.246.15[0/35]
POs :
Port Property : SwitchPort Mode : trunk
: Native Vlan Tagging : false
: Single-Homed BFD Session Type : auto
NW Policy : Ctag Range : 360
: VRF : VRF11
: L3Vni : 15191
+------------+-------------+-----------+------------+-------------+
| MAC ACL IN | MAC ACL OUT | IP ACL IN | IP ACL OUT | IPv6 ACL IN |
+------------+-------------+-----------+------------+-------------+
Port Property ACLs
+--------------------+-------------+-------------+
| Port | Dev State | App State |
+--------------------+-------------+-------------+
| 10.20.246.15[0/35] | provisioned | cfg-in-sync |
+--------------------+-------------+-------------+
Port Property States
+----+-------------+------+----+------------+-------+--------+----------------------+---+------+--------------+------------+-----------+-----------+
|Ctag| Ctag |L2Vni |BD |Anycast IPv4|Anycast|Suppress| Local IP |IP |IPv6 | IPv6 ND | IPv6 ND | Dev State | App State |
| | Description | |Name| |IPv6 | ARP/ND |[Device-IP->Local-IP] |MTU|ND MTU|Managed Config|Other Config| | |
+----+-------------+------+----+------------+-------+--------+----------------------+---+------+--------------+------------+-----------+-----------+
|360 |Tenant L3 |11003 | |36.1.1.1/24 | | T/F | | | | false | false |provisioned|cfg-in-sync|
| |Extended VLAN| | | | | | | | | | | | |
+----+-------------+------+----+------------+-------+--------+----------------------+---+------+--------------+------------+-----------+-----------+
Network Property [Flags : * - Native Vlan]
+------+----------------+--------------+----------------+--------------------+-------------+
| Ctag | IPv6 ND Prefix | No Advertise | Valid Lifetime | Preferred Lifetime | Config Type |
+------+----------------+--------------+----------------+--------------------+-------------+
IPv6 ND Prefix Flags
+------+--------------------+-------------+------------------+------------+-------------+
| Ctag | MAC ACL IN | MAC ACL OUT | IP ACL IN | IP ACL OUT | IPv6 ACL IN |
+------+--------------------+-------------+------------------+------------+-------------+
Network Property ACLs
For 'unstable' entities, run 'efa tenant po/vrf show' for detail
Rack1Device1# show run vlan 360 vlan 360 router-interface Ve 360 suppress-arp description Tenant L3 Extended VLAN ! Rack1Device1# show run int ve 360 interface Ve 360 vrf forwarding VRF11 ip anycast-address 36.1.1.1/24 no shutdown ! |
Rack1Device2# show run vlan 360 vlan 360 router-interface Ve 360 suppress-arp description Tenant L3 Extended VLAN ! Rack1Device2# show run int ve 360 interface Ve 360 vrf forwarding VRF11 ip anycast-address 36.1.1.1/24 no shutdown ! |
efa tenant epg update --name <epg-name> --tenant <tenant-name> --operation network-property-update --switchport-native-vlan <2-4090> --l2-vni <ctag:l2-vni> --ip-mtu <ctag:ip-mtu> --anycast-ip <ctag:anycast-ip> --anycast-ipv6 <ctag:anycast-ipv6 --bridge-domain <ctag:bridge-domain> --ctag-description <ctag:vlandescription> --local-ip <ctag,device-ip:local-ip> --local-ipv6 <ctag,device-ip:local-ipv6> --ipv6-nd-mtu <ctag:mtu> --ipv6-nd-managed-config <ctag:ipv6-nd-managed-config> --ipv6-nd-other-config <ctag:ipv6-nd-other-config> --ipv6-nd-prefix <ctag:prefix1,prefix2 --ipv6-nd-prefix-valid-lifetime <ctag,prefix:validTime> --ipv6-nd-prefix-preferred-lifetime <ctag,prefix:preferredTime> --ipv6-nd-prefix-no-advertise <ctag,prefix:noadvertiseflag> --ipv6-nd-prefix-config-type <ctag,prefix:configType> --suppress-arp <ctag:suppress-arp> --suppress-nd <ctag:suppress-nd> --np-mac-acl-in <ctag:acl-name> --np-mac-acl-out <ctag:acl-name> --np-ip-acl-in <ctag:acl-name> --np-ip-acl-out <ctag:acl-name> --np-ipv6-acl-in <ctag:acl-name>
Example
efa tenant epg update --tenant t1 --name epg2 --operation network-property-update
--np-ip-acl-out 360:ext-ip-permit-any-mirror-acl --np-ipv6-acl-in 360:ext-ipv6-permit-any-mirror-acl
efa tenant epg show --detail
=====================================================================
Name : epg2
Tenant : t1
Type : extension
State : epg-with-port-group-and-ctag-range
Description :
Ports : 10.20.246.15[0/35]
POs :
Port Property : SwitchPort Mode : trunk
: Native Vlan Tagging : false
: Single-Homed BFD Session Type : auto
NW Policy : Ctag Range : 360
: VRF : VRF11
: L3Vni : 15191
+------------+-------------+-----------+------------+-------------+
| MAC ACL IN | MAC ACL OUT | IP ACL IN | IP ACL OUT | IPv6 ACL IN |
+------------+-------------+-----------+------------+-------------+
Port Property ACLs
+--------------------+-------------+-------------+
| Port | Dev State | App State |
+--------------------+-------------+-------------+
| 10.20.246.15[0/35] | provisioned | cfg-in-sync |
+--------------------+-------------+----- --------+
Port Property States
+-----+--------------+------+--------+-----------+-------------+--------+----------------------+----+-------+--------------+-------------+-----------+------------+
|Ctag | Ctag |L2Vni |BD Name |Anycast |Anycast IPv6 |Suppress| Local IP |IP |IPv6 ND| IPv6 ND | IPv6 ND | Dev State | App State |
| | Description | |Name |IPv4 |IPv6 | ARP/ND |[Device-IP->Local-IP] |MTU |ND MTU |Managed Config| Other Config| | |
+-----+--------------+------+--------+-----------+-------------+--------+----------------------+----+-------+--------------+-------------+-----------+------------+
|360 |Tenant L3 |11003 | |36.1.1.1/24| | T/F | | | | false | false |provisioned| cfg-in-sync|
| |Extended VLAN | | | | | | | | | | | | |
+-----+--------------+------+--------+-----------+-------------+--------+----------------------+----+-------+--------------+-------------+-----------+------------+
Network Property [Flags : * - Native Vlan]
+------+----------------+--------------+----------------+--------------------+-------------+
| Ctag | IPv6 ND Prefix | No Advertise | Valid Lifetime | Preferred Lifetime | Config Type |
+------+----------------+--------------+----------------+--------------------+-------------+
IPv6 ND Prefix Flags
+-----+-------+--------+-------+------------------------------+-------------------------------+
|Ctag |MAC |MAC | IP | IP ACL OUT | IPv6 ACL IN |
| |ACL IN |ACL OUT | ACL IN| | |
+-----+-------+--------+-------+------------------------------+-------------------------------+
|360 | | | | ext-ip-permit-any-mirror-acl |ext-ipv6-permit-any-mirror-acl |
+-----+-------+--------+-------+------------------------------+-------------------------------+
Network Property ACLs
For 'unstable' entities, run 'efa tenant po/vrf show' for details
Rack1Device1# show run vlan 360 vlan 360 router-interface Ve 360 suppress-arp description Tenant L3 Extended VLAN ! Rack1Device1# show run int ve 360 interface Ve 360 vrf forwarding VRF11 ip access-group ext-ip-permit-any-mirror-acl out ipv6 access-group ext-ipv6-permit-any-mirror-acl in ip anycast-address 36.1.1.1/24 no shutdown ! |
Rack1Device2# show run vlan 360 vlan 360 router-interface Ve 360 suppress-arp description Tenant L3 Extended VLAN ! Rack1Device2# show run int ve 360 interface Ve 360 vrf forwarding VRF11 ip access-group ext-ip-permit-any-mirror-acl out ipv6 access-group ext-ipv6-permit-any-mirror-acl in ip anycast-address 36.1.1.1/24 no shutdown ! |