らくがきちょう

Just because

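New features in Cisco ACI 3.0(1)

It's a bit late, but I looked through the Cisco ACI 3.0(1) release notes and jotted down the features that looked interesting to me personally. The notes list "NetFlow support for Cisco AVS"; I had not known that NetFlow was unsupported on AVS until now, so that was useful to learn.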

| No. | Feature | Description |
|-----|---------|-------------|
| 1 | 802.1x support | IEEE 802.1x is a port-based authentication mechanism to prevent unauthorized devices from gaining access to the network. |
| 2 | Enforced Bridge Domain | An end point in a subject endpoint group (EPG) can only ping subnet gateways within the associated bridge domain. You can then create a global exception list of IP addresses which can ping any subnet gateway. |
| 3 | Intra-EPG contracts | Intra-EPG contracts allow some communication and forbid other communication between endpoints in the same EPG. Otherwise, intra-EPG communication is unrestricted by default or barred completely. Intra-EPG contracts can be configured for application EPGs and uSeg EPG on VMware VDS, Open vSwitch (OVS), and baremetal servers. For information, see the Cisco APIC Basic Configuration Guide. |
| 4 | NetFlow support for Cisco AVS | NetFlow technology is now supported for Cisco AVS. NetFlow provides the metering base for a key set of applications, including network traffic accounting, usage-based network billing, denial of services monitoring, network monitoring, and data mining. For information, see the Cisco ACI Virtualization Guide. |
| 5 | SAML Management and 2 Factor Authentication | SAML is an XML-based open standard data format that uses security tokens containing assertions that pass information between an SAML identity provider and a SAML service provider. |
| 6 | Local User Authentication using OTP | OTP is a one-time password that is valid for only one session. Once OTP is enabled, APIC generates a random human readable 16 binary octets that are base32 OTP Key. |
| 7 | Password Strength | Allows configuration of user password parameters for security management. |

As an aside, starting with 3.0(1) the login screen now looks like UCS Director's! Also, the Mode selection is gone…
