You can create or modify or remove tenant contracts to control traffic flow between endpoint groups. Only users with the administrator privilege can create, modify, or remove a contract.
To create a contract using the ACI GUI, follow these steps:
Step 1. On the menu bar, choose Tenants > ALL TENANTS. In the Work pane, choose Tenant_Name.
Step 2. In the Navigation pane, choose Tenant_Name > Contracts.
Step 3. In the Work pane, choose Actions > Create Contract.
Step 4. In the Create Contract dialog box, perform the following actions:
Enter a Contract Name.
Choose a Contract Scope (optional).
Choose a QoS Class (optional).
Click + (the plus sign) next to the Subject to add a Contract Subject.
In the Create Contract Subject dialog box, perform the following actions:
Enter a Contract Subject Name.
Click + in the Filter Chain field.
Step 5. Click Update, click OK, and then click Submit.
To create a contract using the Cisco NX-OS, follow these steps:
Step 1. Get into the configuration mode using the Cisco NX-OS CLI. Then enter the following:
apic1# configure
apic1(config)#
Step 2. To create the contracts and assign an access group (filters) for HTTPS traffic between EPGs, enter the following:
apic1(config)# tenant <tenant name>
apic1(config-tenant)# contract <contract name>
apic1(config-tenant-contract)# subject <subject name>
apic1(config-tenant-contract-subj)# access-group <access group name> both
apic1(config-tenant-contract-subj)# exit
apic1(config-tenant-contract)# exit
To modify an existing contract using the ACI GUI, follow these steps:
Step 1. On the menu bar, choose Tenants > ALL TENANTS. Then in the Work pane, choose Tenant_Name.
Step 2. In the Navigation pane, choose Tenant_Name > Contracts > Contract_Name.
Step 3. In the Work pane, choose the Policy tab. Then do the following:
Choose a Contract Scope (optional).
Choose a QoS Class (optional).
Click + next to the Subject field to add a Contract Subject.
In the Create Contract Subject dialog box, perform the following actions:
Enter a Contract Subject Name.
Click + next to Filter Chain.
Step 4. Click Update, click OK, and then click Submit.
To remove a contract using the ACI GUI, follow these steps:
Step 1. On the menu bar, choose Tenants > ALL TENANTS. In the Work pane, choose Tenant_Name.
Step 2. In the Navigation pane, choose Tenant_Name > Contracts > Contract_Name.
Step 3. In the Work pane, choose Actions > Delete.
To verify a contract using the ACI API or shell command, you can use these commands:
REST API: /api/node/class/vzBrCP.xml
Shell Command : admin@apic1:~> moquery -c vzBrCP
To apply a contract to an EPG using the ACI GUI, follow these steps:
Step 1. On the menu bar, choose Tenants > ALL TENANTS. In the Work pane, choose Tenant_Name.
Step 2. In the Navigation pane, choose Tenant_Name > Application Profiles > Application_Profile_Name > Application EPGs > EPG_Name > Contracts.
Step 3. In the Work pane, choose Actions > Add Provided Contract or Actions > Add Consumed Contract.
Note
Choose the action depending on how the contract is to be deployed.
In the Add Contract dialog box, perform the following actions:
Enter a Contract_Name.
Choose a QOS policy (optional).
Choose a Label (optional).
Step 4. Click Submit.