Implementing Cisco Application Centric Infrastructure (DCACI) — Question 223

An engineer is implementing an out-of-band (OOB) management access for the Cisco ACI fabric. The secure access must meet these requirements:

• Only GUI and secure shell must be allowed to access the management interfaces of the ACIs.
• The only IP ranges that must be permitted to connect the fabric will be 10.10.10.0/24 and 192.168.15.0/24.

Which configuration set meets these requirements?

Answer options

• A. Implement HTTPS and SSH protocol filters in the OOB contract. Add the required subnets to the external network instance profile.
• B. Set up static IPs on the management interfaces from the required IP range. Add the required subnets to the external network instance profile.
• C. Create an out-of-band EPG in the external management entity. Associate the management profile with the OOB contract.
• D. Create an out-of-band EPG in the common tenant. Associate the external network instance profile with the OOB contract.

Correct answer: A

Explanation

Option A is correct because it specifically addresses the requirement to allow only GUI and SSH access by implementing protocol filters and includes the necessary IP ranges in the external network instance profile. Option B does not address the protocol filtering requirement, while options C and D do not specify the necessary protocols and IP ranges needed for OOB access.