Endpoint Security Group
Location in GUI: Tenants » XXX » Application Profiles » XXX » Endpoint Security Groups
Diagram
Classes
application_profiles (apic.tenants)

| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| endpoint_security_groups | List | [endpoint_security_groups] | No | |

endpoint_security_groups (apic.tenants.application_profiles)

| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| name | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | Yes | |
| description | String | Regex: ^[a-zA-Z0-9\\!#$%()*,-./:;@ _{|}~?&+]{1,128}$ | No | |
| vrf | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | Yes | |
| shutdown | Boolean | true, false | No | false |
| intra_esg_isolation | Boolean | true, false | No | false |
| preferred_group | Boolean | true, false | No | false |
| deployment_immediacy | Choice | immediate, lazy | No | |
| contracts | Class | [contracts] | No | |
| tag_selectors | List | [tag_selectors] | No | |
| epg_selectors | List | [epg_selectors] | No | |
| ip_subnet_selectors | List | [ip_subnet_selectors] | No | |

contracts (apic.tenants.application_profiles.endpoint_security_groups)

| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| consumers | List | String[Regex: ^[a-zA-Z0-9_.:-]{1,64}$] | No | |
| providers | List | String[Regex: ^[a-zA-Z0-9_.:-]{1,64}$] | No | |
| imported_consumers | List | String[Regex: ^[a-zA-Z0-9_.:-]{1,64}$] | No | |
| intra_esgs | List | String[Regex: ^[a-zA-Z0-9_.:-]{1,64}$] | No | |
| masters | List | [masters] | No | |

tag_selectors (apic.tenants.application_profiles.endpoint_security_groups)

| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| key | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | Yes | |
| operator | Choice | contains, equals, regex | No | equals |
| value | String | Regex: ^[a-zA-Z0-9_.,:^$\[\](){}|+*-]{1,128}$ | Yes | |
| description | String | Regex: ^[a-zA-Z0-9\\!#$%()*,-./:;@ _{|}~?&+]{1,128}$ | No | |

epg_selectors (apic.tenants.application_profiles.endpoint_security_groups)

| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| application_profile | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | No | |
| endpoint_group | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | Yes | |
| description | String | Regex: ^[a-zA-Z0-9\\!#$%()*,-./:;@ _{|}~?&+]{1,128}$ | No | |

ip_subnet_selectors (apic.tenants.application_profiles.endpoint_security_groups)

| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| value | IP | | Yes | |
| description | String | Regex: ^[a-zA-Z0-9\\!#$%()*,-./:;@ _{|}~?&+]{1,128}$ | No | |

masters (apic.tenants.application_profiles.endpoint_security_groups.contracts)

| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| application_profile | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | No | |
| endpoint_security_group | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | Yes | |

Examples
Example-1: The configuration below defines the endpoint security group PROD_Low_ESG under the PROD_AP application profile in tenant PROD. The ESG uses ip_subnet_selectors to group endpoints by IP subnet (192.168.153.0/24). It also provides and consumes the contract PROD_EW_PBR_CT, which controls the communication allowed for this ESG.
```yaml
apic:
  tenants:
    - name: PROD
      application_profiles:
        - name: PROD_AP
          endpoint_security_groups:
            # ESGs
            - name: PROD_Low_ESG
              vrf: PROD
              contracts:
                consumers:
                  - PROD_EW_PBR_CT
                providers:
                  - PROD_EW_PBR_CT
              ip_subnet_selectors:
                - value: 192.168.153.0/24
                  description: IP Subnet Selector for the PROD_Low_BD subnet
```

Simple example:

```yaml
apic:
  tenants:
    - name: ABC
      application_profiles:
        - name: AP1
          endpoint_security_groups:
            - name: ESG1
              vrf: VRF1
              contracts:
                consumers:
                  - CON1
                providers:
                  - CON2
              ip_subnet_selectors:
                - value: 10.1.1.0/24
                  description: IP Subnet Selector 1
```

Full example:

```yaml
apic:
  tenants:
    - name: ABC
      application_profiles:
        - name: AP1
          endpoint_security_groups:
            - name: ESG1
              description: ESG1 description
              vrf: VRF1
              shutdown: true
              intra_esg_isolation: true
              preferred_group: true
              contracts:
                consumers:
                  - CON3
                providers:
                  - CON3
                imported_consumers:
                  - IMPORTED-CON1
                intra_esgs:
                  - CON3
                masters:
                  - application_profile: AP1
                    endpoint_security_group: ESG2
              tag_selectors:
                - key: KEY1
                  operator: contains
                  value: VALUE1
                  description: TAG Selector 1
              epg_selectors:
                - application_profile: AP1
                  endpoint_group: EPG1
                  description: EPG Selector 1
              ip_subnet_selectors:
                - value: 10.1.1.0/24
                  description: IP Subnet Selector 1
```
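
A pre-deployment check built from the class tables on this page, shown here as an added example that is not code from the data model's own project. It takes one ESG as an already-parsed YAML mapping; the names `validate_esg`, `check` and the error strings are assumptions. It also reports unknown keys, because `shutdown`, `intra_esg_isolation` and `preferred_group` default to false and a mistyped key would leave that default in effect.

```python
import ipaddress
import re

NAME = re.compile(r"^[a-zA-Z0-9_.:-]{1,64}$")
DESC = re.compile(r"^[a-zA-Z0-9\\!#$%()*,-./:;@ _{|}~?&+]{1,128}$")
TAG_VALUE = re.compile(r"^[a-zA-Z0-9_.,:^$\[\](){}|+*-]{1,128}$")

def rx(p):  # fullmatch, because '$' alone would accept a trailing newline
    return lambda v: isinstance(v, str) and p.fullmatch(v) is not None

def choice(*allowed):  # exact type match: 1 or "true" is not a Boolean
    return lambda v: any(type(v) is type(a) and v == a for a in allowed)

def is_ip(v):  # assumption: "IP" accepts an address or a CIDR prefix, as in the examples
    try:
        return isinstance(v, str) and ipaddress.ip_interface(v) is not None
    except ValueError:
        return False

# field -> (mandatory, check), transcribed from the class tables on this page
ESG = {"name": (True, rx(NAME)), "description": (False, rx(DESC)), "vrf": (True, rx(NAME)),
       "shutdown": (False, choice(True, False)), "preferred_group": (False, choice(True, False)),
       "intra_esg_isolation": (False, choice(True, False)),
       "deployment_immediacy": (False, choice("immediate", "lazy"))}
LISTS = {"tag_selectors": {"key": (True, rx(NAME)), "value": (True, rx(TAG_VALUE)),
                           "operator": (False, choice("contains", "equals", "regex")),
                           "description": (False, rx(DESC))},
         "epg_selectors": {"application_profile": (False, rx(NAME)),
                           "endpoint_group": (True, rx(NAME)), "description": (False, rx(DESC))},
         "ip_subnet_selectors": {"value": (True, is_ip), "description": (False, rx(DESC))}}
MASTER = {"application_profile": (False, rx(NAME)), "endpoint_security_group": (True, rx(NAME))}

def check(obj, spec, path, nested=()):
    errs = [f"{path}.{k}: missing" for k, (req, _) in spec.items() if req and k not in obj]
    errs += [f"{path}.{k}: invalid" for k, (_, ok) in spec.items() if k in obj and not ok(obj[k])]
    # A key the schema does not know (e.g. a typo) is reported instead of silently ignored
    errs += [f"{path}.{k}: unknown key" for k in obj if k not in spec and k not in nested]
    return errs

def validate_esg(esg):
    errs = check(esg, ESG, "esg", nested=("contracts", *LISTS))
    for key, spec in LISTS.items():
        for i, item in enumerate(esg.get(key, [])):
            errs += check(item, spec, f"esg.{key}[{i}]")
    contracts = esg.get("contracts", {})
    for i, m in enumerate(contracts.get("masters", [])):
        errs += check(m, MASTER, f"esg.contracts.masters[{i}]")
    for key in ("consumers", "providers", "imported_consumers", "intra_esgs"):
        errs += [f"esg.contracts.{key}: invalid" for n in contracts.get(key, []) if not rx(NAME)(n)]
    return errs
```

`validate_esg` returns an empty list for a conforming ESG and one string per violation otherwise, so it can gate a pipeline step before the configuration is pushed.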