Extranet Policy

Location in GUI: Provision » SD-Access » Extranet Policies

Example 1: Basic Extranet Policy for Single Fabric Site

This example demonstrates how to create a basic extranet policy that enables communication between a provider virtual network and subscriber virtual networks within a specific SD-Access fabric site. Extranet policies allow controlled inter-VN communication, enabling specific virtual networks to share resources or services while maintaining overall network segmentation.

The extranet policy configuration includes:

• Policy name for identification and management
• Provider virtual network that shares resources or services
• One or more subscriber virtual networks that consume the shared resources
• Fabric site association for policy scope

catalyst_center:
  fabric:
    extranet_policies:
      - name: SHARED_SERVICES_POLICY
        provider_virtual_network: SERVICES_VN
        subscriber_virtual_networks:
          - CORPORATE_VN
          - GUEST_VN
        fabric_sites:
          - Global/Campus/Building1

Example 2: Multi-Site Extranet Policy

This example shows how to configure an extranet policy that spans multiple fabric sites, enabling consistent inter-VN communication across different locations in the SD-Access deployment. This is useful for enterprise-wide shared services that need to be accessible from multiple sites.

catalyst_center:
  fabric:
    extranet_policies:
      - name: ENTERPRISE_SHARED_SERVICES
        provider_virtual_network: SHARED_SERVICES_VN
        subscriber_virtual_networks:
          - FINANCE_VN
          - HR_VN
          - ENGINEERING_VN
        fabric_sites:
          - Global/North_America/HQ
          - Global/North_America/Branch_Office
          - Global/Europe/London_Office