ExamTopics Logo
Mail Us[email protected]
Menu
Cisco Discussions
exam questions

Exam 300-620 All Questions

View all questions & answers for the 300-620 exam
Go to Exam

Exam 300-620 topic 1 question 26 discussion

Actual exam question from Cisco's 300-620
Question #: 26
Topic #: 1
[All 300-620 Questions]

DRAG DROP -

Refer to the exhibit. A Cisco ACI fabric is newly deployed, and the security team requires more visibility of all inter EPG traffic flows. All traffic in a VRF must be forwarded to an existing firewall pair. During failover, the standby firewall must continue to use the same IP and MAC as the primary firewall. Drag and drop the steps from the left into the implementation order on the right to configure the service graph that meets the requirements. (Not all steps are used.)
Select and Place:

Show Suggested Answer Hide Answer
Suggested Answer:
Reference:
https://www.cisco.com/c/en/us/td/docs/switches/datacenter/aci/apic/sw/3-x/L4-L7_services_deployment/3_2_1/b_L4L7_Deploy_321/ b_L4L7_Deploy_321_chapter_01001.html
by thiyagas at Jan. 15, 2021, 1:27 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
[Removed]
Highly Voted 2 years, 8 months ago
To configure Service Graph in managed or unmanaged mode , Configuration steps should be as follows : 1.Create a service bridge domain and a Layer 4 to Layer 7 device with on cluster interface. 2.Create a Layer 4 to Layer 7 service graph template . 3.Select a redirect policy with enabled any cast and the Layer 3 destination . 4.Apply a service a graph template and select vzAny EPG as the consumer and provider 5.Select the existing contract with customer IP Ether Type filter . 6.Select the same cluster interface under Consumer Connector and Provider connector .
upvoted 9 times
onix
1 year, 8 months ago
https://www.cisco.com/c/en/us/td/docs/switches/datacenter/aci/apic/sw/1-x/cli/nx/cfg/b_APIC_NXOS_CLI_User_Guide/b_APIC_NXOS_CLI_User_Guide_chapter_011001.pdf Anycast services are not supported with the following features and options: • Two firewalls in an Active/Standby relationship (in this scenario, the Anycast service is active in only one pod and all traffic is sent using the active service) So 3 should be: Select a redirect policy with the Layer 3 destination.
upvoted 3 times
...
nikomski
2 years, 8 months ago
1.Create a service bridge domain and a Layer 4 to Layer 7 device with on cluster interface. 2.Create a Layer 4 to Layer 7 service graph template . 3.Apply a service a graph template and select vzAny EPG as the consumer and provider 4.Select the existing contract with customer IP Ether Type filter . 5.Select a redirect policy with enabled any cast and the Layer 3 destination . 6.Select the same cluster interface under Consumer Connector and Provider connector .
upvoted 13 times
Jey10
2 years, 4 months ago
It is OK except 5 => it should be without anycast
upvoted 6 times
...
...
...
Said75
Highly Voted 4 months ago
Correct Answer and verified on my lab : 1.Create a service bridge domain and a Layer 4 to Layer 7 device with on cluster interface. 2.Create a Layer 4 to Layer 7 service graph template . 3.Apply a service a graph template and select vzAny EPG as the consumer and provider 4.Select the existing contract with customer IP Ether Type filter . 5.Select a redirect policy with the Layer 3 destination . 6.Select the same cluster interface under Consumer Connector and Provider connector .
upvoted 7 times
...
2eb1ea8
Most Recent 2 months ago
1. Create a service bridge domain and a Layer 4 to Layer 7 device with on cluster interface. 2. Create a Layer 4 to Layer 7 service graph template. 3. Apply a service a graph template and select vzAny EPG as the consumer and provider. 4. Select the existing contract with customer IP EtherType filter. 5. Select a redirect policy with enabled anycast and the layer 3 destination (Enabling anycast ensures that the standby firewall can use the same IP and MAC address as the primary firewall during failover. The layer 3 destination specifies the firewall's IP address). 6. Select the same cluster interface under Consumer Connector and Provider connector.
upvoted 1 times
...
korthab
1 year, 1 month ago
I think this is the correct answer based on the steps i watched on labminutes.com. 1. Create a service bridge domain and a Layer 4 to Layer 7 device with on cluster interface. 2. Create a Layer 4 to Layer 7 service graph template. 3. Apply a service a graph template and select vzAny EPG as the consumer and provider. 4. Select the existing contract with customer IP EtherType filter. 5. Select a redirect policy with Layer 3 destination. 6. Select the same cluster interface under Consumer Connector and Provider connector. Labminutes LINK: https://www.labminutes.com/dc0032_aci_service_graph_pbr_fw_1 Anycast LINK: https://www.cisco.com/c/en/us/td/docs/switches/datacenter/aci/apic/sw/1-x/cli/nx/cfg/b_APIC_NXOS_CLI_User_Guide/b_APIC_NXOS_CLI_User_Guide_chapter_011001.pdf Quote: " Anycast services are not supported with the following features and options: • Two firewalls in an Active/Standby relationship (in this scenario, the Anycast service is active in only one pod and all traffic is sent using the active service) "
upvoted 5 times
...
ciscoaci2022
1 year, 7 months ago
The correct answer should be: 1.Create a service bridge domain and a Layer 4 to Layer 7 device with on cluster interface. 2.Create a Layer 4 to Layer 7 service graph template . 3.Apply a service a graph template and select vzAny EPG as the consumer and provider 4.Select the existing contract with customer IP Ether Type filter . 5.Select a redirect policy with the Layer 3 destination . 6.Select the same cluster interface under Consumer Connector and Provider connector since the Anycast services are not supported with the following features and options: • Two firewalls in an Active/Standby relationship (in this scenario, the Anycast service is active in only one pod and all traffic is sent using the active service) So 3 should be: Select a redirect policy with the Layer 3 destination.
upvoted 4 times
...
muhnator
1 year, 8 months ago
1.Create a service bridge domain and a Layer 4 to Layer 7 device with on cluster interface. 2.Create a Layer 4 to Layer 7 service graph template . 3.Apply a service a graph template and select vzAny EPG as the consumer and provider 4.Select the existing contract with customer IP Ether Type filter . 5.Select a redirect policy with the Layer 3 destination . 6.Select the same cluster interface under Consumer Connector and Provider connector .
upvoted 4 times
...
nabilzay
2 years, 7 months ago
I think nikmski's answer is right based on this doc: https://www.cisco.com/c/en/us/td/docs/switches/datacenter/aci/apic/sw/1-x/L4-L7_Services_Deployment/guide/b_L4L7_Deploy_ver201/b_L4L7_Deploy_ver201_chapter_010100.html#id_27316 However not sure if anycast is needed, I'd say no
upvoted 2 times
...
Kalpesh
2 years, 7 months ago
I think anycast is also not needed as it's a active/standby setup not Active/Active.
upvoted 3 times
...
thiyagas
2 years, 8 months ago
not sure if this answer is correct... any comment.?
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago