Endpoint Security Group

Location in GUI: Tenants » XXX » Application Profiles » XXX » Endpoint Security Groups

Diagram

Classes

application_profiles (apic.tenants)

Name	Type	Constraint	Mandatory	Default Value
endpoint_security_groups	List	`[endpoint_security_groups]`	No

endpoint_security_groups (apic.tenants.application_profiles)

Name	Type	Constraint	Mandatory	Default Value
name	String	Regex: `^[a-zA-Z0-9_.:-]{1,64}$`	Yes
description	String	Regex: `^[a-zA-Z0-9\\!#$%()*,-./:;@ _{\|}~?&+]{1,128}$`	No
vrf	String	Regex: `^[a-zA-Z0-9_.:-]{1,64}$`	Yes
shutdown	Boolean	`true`, `false`	No	`false`
intra_esg_isolation	Boolean	`true`, `false`	No	`false`
preferred_group	Boolean	`true`, `false`	No	`false`
contracts	Class	`[contracts]`	No
tag_selectors	List	`[tag_selectors]`	No
epg_selectors	List	`[epg_selectors]`	No
ip_subnet_selectors	List	`[ip_subnet_selectors]`	No

contracts (apic.tenants.application_profiles.endpoint_security_groups)

Name	Type	Constraint	Mandatory
consumers	List	String[Regex: `^[a-zA-Z0-9_.:-]{1,64}$`]	No
providers	List	String[Regex: `^[a-zA-Z0-9_.:-]{1,64}$`]	No
imported_consumers	List	String[Regex: `^[a-zA-Z0-9_.:-]{1,64}$`]	No
intra_esgs	List	String[Regex: `^[a-zA-Z0-9_.:-]{1,64}$`]	No
masters	List	`[masters]`	No

tag_selectors (apic.tenants.application_profiles.endpoint_security_groups)

Name	Type	Constraint	Mandatory	Default Value
key	String	Regex: `^[a-zA-Z0-9_.:-]{1,64}$`	Yes
operator	Choice	`contains`, `equals`, `regex`	No	`equals`
value	String	Regex: `^[a-zA-Z0-9_.,:^$\[\](){}\|+*-]{1,128}$`	Yes
description	String	Regex: `^[a-zA-Z0-9\\!#$%()*,-./:;@ _{\|}~?&+]{1,128}$`	No

epg_selectors (apic.tenants.application_profiles.endpoint_security_groups)

Name	Type	Constraint	Mandatory
application_profile	String	Regex: `^[a-zA-Z0-9_.:-]{1,64}$`	No
endpoint_group	String	Regex: `^[a-zA-Z0-9_.:-]{1,64}$`	Yes
description	String	Regex: `^[a-zA-Z0-9\\!#$%()*,-./:;@ _{\|}~?&+]{1,128}$`	No

ip_subnet_selectors (apic.tenants.application_profiles.endpoint_security_groups)

Name	Type	Constraint	Mandatory	Default Value
value	IP		Yes
description	String	Regex: `^[a-zA-Z0-9\\!#$%()*,-./:;@ _{\|}~?&+]{1,128}$`	No

masters (apic.tenants.application_profiles.endpoint_security_groups.contracts)

Name	Type	Constraint	Mandatory	Default Value
application_profile	String	Regex: `^[a-zA-Z0-9_.:-]{1,64}$`	No
endpoint_security_group	String	Regex: `^[a-zA-Z0-9_.:-]{1,64}$`	Yes

Examples

Simple example:

apic:
  tenants:
    - name: ABC
      application_profiles:
        - name: AP1
          endpoint_security_groups:
            - name: ESG1
              vrf: VRF1
              contracts:
                consumers:
                  - CON1
                providers:
                  - CON2
              ip_subnet_selectors:
                - value: 10.1.1.0/24
                  description: IP Subnet Selector 1

Full example:

apic:
  tenants:
    - name: ABC
      application_profiles:
        - name: AP1
          endpoint_security_groups:
            - name: ESG1
              description: ESG1 description
              vrf: VRF1
              shutdown: true
              intra_esg_isolation: true
              preferred_group: true
              contracts:
                consumers:
                  - CON3
                providers:
                  - CON3
                imported_consumers:
                  - IMPORTED-CON1
                intra_esgs:
                  - CON3
                masters:
                  - application_profile: AP1
                    endpoint_security_group: ESG2
              tag_selectors:
                - key: KEY1
                  operator: contains
                  value: VALUE1
                  description: TAG Selector 1
              epg_selectors:
                - application_profile: AP1
                  endpoint_group: EPG1
                  description: EPG Selector 1
              ip_subnet_selectors:
                - value: 10.1.1.0/24
                  description: IP Subnet Selector 1