CCIE Data Center (legacy) — Question 65

In which three ways can you house Edge Transport servers on their perimeter network in ACI without investing extra cost in buying additional hardware? (Choose three.)

Answer options

• A. Create an L3Out to route peer with an ASA firewall to isolate traffic with security rules
• B. Create a private VRF with default enforcement policy. Configure a bridge domain with a subnet assigned to a private VRF.
• C. No need to create Contracts. A default enforcement policy allows all traffic to forward.
• D. Choose options "Shared Route Control Subnet" and "Shared Import Security Subnet".
• E. Create Contracts to enforce policy between Edge Transport servers EPG and backend mailbox servers EPG.

Correct answer: A, B, C

Explanation

The correct answers A, B, and C highlight ways to configure Edge Transport servers effectively without additional costs. Option A allows for traffic isolation with an existing firewall, option B involves using a private VRF and bridge domain to manage traffic, and option C states that a default enforcement policy can suffice without creating Contracts. Options D and E involve additional configurations or policies that may require further resources or hardware, which contradicts the question's criteria.