Configuring Intra-EPG Isolation for a VMware VDS or Microsoft Hyper-V Virtual Switch

This procedure shows you how to use the Cisco APIC REST API to configure intra-EPG isolation for a VMware vSphere Distributed Switch (VDS) or Microsoft Hyper-V virtual switch. This procedure performs the same operation as the GUI procedure of the same name in the Cisco APIC Layer 2 Networking Configuration Guide.

Procedure

To configure intra-EPG isolation, send a POST with XML similar to one of the following examples.

For a VMware VDS:

POST https://<apic-ip-address>/api/mo/uni/tn-ExampleCorp.xml

<fvTenant name="Tenant_VMM"> 
    <fvAp name="Web"> 
        <fvAEPg name="IntraEPGDeny" pcEnfPref="enforced"> 
            <!-- pcEnfPref="enforced" ENABLES ISOLATION--> 
            <fvRsBd tnFvBDName="bd"/> 
            <!-- STATIC ENCAP ASSOCIATION TO VMM DOMAIN-->
            <fvRsDomAtt encap="vlan-2001" instrImedcy="lazy" primaryEncap="vlan-2002" resImedcy="immediate" tDn="uni/vmmp-VMware/dom-DVS1"> 
        </fvAEPg>    
    </fvAp> 
</fvTenant>

For a Microsoft Hyper-V virtual switch:

POST https://<apic-ip-address>/api/mo/uni/tn-ExampleCorp.xml

<fvTenant name="Tenant_VMM" > 
    <fvAp name="Web"> 
        <fvAEPg name="IntraEPGDeny" pcEnfPref="enforced"> 
            <!-- pcEnfPref="enforced" ENABLES ISOLATION--> 
            <fvRsBd tnFvBDName="bd" />   
            <!-- STATIC ENCAP ASSOCIATION TO VMM DOMAIN-->
            <fvRsDomAtt tDn="uni/vmmp-Microsoft/dom-domain1">
            <fvRsDomAtt encap="vlan-2004" instrImedcy="lazy" primaryEncap="vlan-2003"
            resImedcy="immediate" tDn="uni/vmmp-Microsoft/dom-domain2">
        </fvAEPg>    
    </fvAp> 
</fvTenant>