Cisco ACI: Preventing Learning of Endpoint IP Addresses

Question

Which setting prevents the learning of Endpoint IP addresses whose subnet does not match the bridge domain subnet?

A. "Limit IP learning to network" setting within the bridge domain
B. "Limit IP learning to subnet" setting within the EP
C. "Limit IP learning to network" setting within the EP
D. "Limit IP learning to subnet" setting within the bridge domain

Answer

D.

Explanation

https://www.cisco.com/c/en/us/td/docs/switches/datacenter/aci/apic/sw/2-x/L2_config/b_Cisco_APIC_Layer_2_Configuration_Guide/

The correct answer is D: the "Limit IP learning to subnet" setting within the bridge domain.

In Cisco Application Centric Infrastructure (ACI), a bridge domain (BD) defines a Layer 2 broadcast domain within the ACI fabric. Endpoints (EPs) are devices that connect to the network and are identified by their MAC addresses and IP addresses.

When an EP is connected to the ACI fabric, the fabric needs to learn the MAC and IP addresses of the EP to properly forward traffic to and from that EP. ACI uses a feature called endpoint learning to discover and store this information in the endpoint database (EPDB).

The "Limit IP learning to subnet" setting within the bridge domain is used to control which IP subnets can be learned by the fabric. By default, the fabric will learn all IP addresses within a bridge domain. However, if this setting is enabled, the fabric will only learn IP addresses that belong to subnets that are explicitly configured within the bridge domain.

For example, if the bridge domain is configured with a subnet of 10.0.0.0/24, and an EP with an IP address of 192.168.0.10 is connected to the fabric, the fabric will not learn the IP address of the EP because it does not match the configured subnet of the bridge domain.
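The learning decision described above, as an added simulation that is not part of this page or the cited Cisco guide: a minimal model of a bridge domain with the 10.0.0.0/24 subnet, run with the flag enabled and with the default (disabled). It assumes, as the feature behaves, that only IP learning is affected and the endpoint's MAC address is still learned; the class and field names are hypothetical, not APIC API objects.

```python
import ipaddress
from dataclasses import dataclass, field


@dataclass
class BridgeDomain:
    """Hypothetical model of an ACI bridge domain's IP-learning behaviour."""
    name: str
    subnets: list                              # configured BD subnets, e.g. ["10.0.0.0/24"]
    limit_ip_learning_to_subnet: bool = False  # the setting asked about in the question
    # Simulated endpoint table (EPDB): MAC -> set of IPs learned for that MAC.
    epdb: dict = field(default_factory=dict)

    def _ip_in_bd_subnet(self, ip):
        """True if ip falls inside any subnet configured on this bridge domain."""
        addr = ipaddress.ip_address(ip)
        return any(addr in ipaddress.ip_network(s, strict=False) for s in self.subnets)

    def learn(self, mac, ip):
        """Simulate the fabric seeing traffic from (mac, ip).

        Returns True if the IP is installed in the endpoint table, False if
        "Limit IP learning to subnet" rejected it. The MAC entry is created in
        either case, since the setting only restricts IP learning (assumption).
        """
        ips = self.epdb.setdefault(mac, set())
        if self.limit_ip_learning_to_subnet and not self._ip_in_bd_subnet(ip):
            return False
        ips.add(ip)
        return True


def demo():
    """Replay the page's example with the setting enabled and disabled."""
    # Constructed sample endpoints: one inside the BD subnet, one outside it.
    inside, outside = ("00:11:22:33:44:55", "10.0.0.20"), ("00:11:22:33:44:66", "192.168.0.10")
    limited = BridgeDomain("BD-limited", ["10.0.0.0/24"], limit_ip_learning_to_subnet=True)
    default = BridgeDomain("BD-default", ["10.0.0.0/24"])
    return {
        "limited": {ip: limited.learn(mac, ip) for mac, ip in (inside, outside)},
        "default": {ip: default.learn(mac, ip) for mac, ip in (inside, outside)},
    }


if __name__ == "__main__":
    print(demo())
```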

This setting is useful for security purposes: by limiting the IP addresses the fabric will learn, it keeps a rogue or misconfigured device that uses an address outside the bridge domain's configured subnets from being installed in the endpoint table, and so from communicating on the network with that address.

Option A, "Limit IP learning to network" setting within the bridge domain, is not a valid setting. Option B, "Limit IP learning to subnet" setting within the EP, is not a valid setting either, as endpoints do not have the ability to control what subnets can be learned by the fabric. Option C, "Limit IP learning to network" setting within the EP, is not a valid setting either, as it only controls whether the endpoint can learn IP addresses from other networks.