Home » Cisco » 300-320 » Which two options describe how Taboo contracts differ from regular contracts in Cisco ACI?
Which two options describe how Taboo contracts differ from regular contracts in Cisco ACI? (Choose two)
A. Taboo contract entries are looked up with higher priority than entries in regular contracts
B. Taboo contract entries are looked up with lower priority than entries in regular contracts.
C. They are not associated with one EPG
D. They are not associated with EPGs
E. Taboo contract entries are looked up based on administrator configured priority
F. They are associated with pair of EPGs
Correct Answer: AF
Explanation/Reference:
There may be times when the ACI administrator might need to deny traffic that is allowed by another contract. Taboos are a special type of contract that an ACI administrator can use to deny specific traffic that would otherwise be allowed by another contract. Taboos can be used to drop traffic matching a pattern (any EPG, a specific EPG, matching a filter, and so forth). Taboo rules are applied in the hardware before the rules of regular contracts are applied. Taboo contracts are not recommended as part of the ACI best practices but they can be used to transition from traditional networking to ACI. To imitate the traditional networking concepts, an "allow-all-traffic" contract can be applied, with taboo contracts configured to restrict certain types of traffic."
EPG – End-Point Groups