Preventing Unconfigured Remote Networks in Cisco APIC

Configuring Cisco APIC to Prevent Learning of Unconfigured Remote Networks

Question

Which Cisco APIC configuration prevents a remote network that is not configured on the bridge domain from being learned by the fabric?

Answer

A.

Explanation

https://www.cisco.com/c/en/us/solutions/collateral/data-center-virtualization/application-centric-infrastructure/white-paper-c11-739989.html

The correct answer is A: enable Limit IP Learning to Subnet.

In Cisco Application Centric Infrastructure (ACI), the Bridge Domain (BD) is a fundamental object used for forwarding and routing traffic. A BD represents a Layer 2 segment in the fabric and is associated with one or more subnets, each defined as an IP address range whose hosts communicate with each other within the BD.

By default, the ACI fabric uses IP data-plane learning to learn and populate the forwarding tables with MAC-to-IP bindings for all the traffic that is forwarded through the fabric. This learning occurs on a per-BD basis, meaning that the fabric learns the MAC-to-IP bindings for all the traffic that belongs to a particular BD, regardless of the source network.

However, in some cases, it may be desirable to limit the learning of MAC-to-IP bindings to only the subnets that are configured on the BD. This can be accomplished by enabling the "Limit IP Learning to Subnet" feature on the BD.

When this feature is enabled, the fabric only learns and populates the forwarding tables with MAC-to-IP bindings for the traffic that belongs to the configured subnets on the BD. If traffic from a remote network arrives on a port that belongs to the BD, the fabric does not learn the MAC-to-IP binding for that traffic and does not forward it to other ports that belong to the BD.

To summarize, the correct answer is A: enable Limit IP Learning to Subnet, because it limits the learning of MAC-to-IP bindings to only the subnets that are configured on the BD, preventing a remote network that is not configured on the BD from being learned by the fabric. Answers B, C, and D do not achieve this goal. Enabling Unicast Routing enables routing between BDs and does not restrict learning to specific subnets. Enabling IP Data-plane Learning is the default behavior and does not limit learning to specific subnets. Enabling ARP Flooding on the BD floods ARP requests across all ports in the BD, which does nothing to prevent learning of MAC-to-IP bindings from remote networks.