Skip to content

Endpoint IP Tag

Location in GUI: Tenants » XXX » Policies » Endpoint Tags » Endpoint IP

Diagram
NameTypeConstraintMandatoryDefault Value
endpoint_ip_tagsList[endpoint_ip_tags]No

NameTypeConstraintMandatoryDefault Value
ipIPYes
vrfStringRegex: ^[a-zA-Z0-9_.:-]{1,64}$Yes
tagsList[tags]No

tags (apic.tenants.policies.endpoint_ip_tags)

Section titled “tags (apic.tenants.policies.endpoint_ip_tags)”
NameTypeConstraintMandatoryDefault Value
keyStringRegex: ^[a-zA-Z0-9_.:-]{1,64}$Yes
valueStringRegex: ^[a-zA-Z0-9_.:-]{1,128}$Yes

Example-1: This data model associates Endpoint Tags based on source IP addresses, supporting both IPv4 and IPv6 formats. This tagging mechanism enables the classification of endpoints into Endpoint Security Groups (ESGs) through tag selectors, thereby facilitating the application and management of security policies. Endpoint Tag objects represent the IP address of an endpoint independently of its learning state. These tags serve as metadata or descriptors for the IP address within a specific VRF and can be created and maintained even before the fabric learns the IP address.

IP Tags are more suitable when IP addresses are stable and VMM integration or routing is in place.

apic:
tenants:
- name: ABC
policies:
endpoint_ip_tags:
- ip: 1.1.1.1
vrf: VRF1
tags:
- key: Environment
value: Prod
- ip: 2001::1
vrf: VRF1
tags:
- key: Environment
value: Prod
- key: Protocol
value: IPv6