Cisco ACI Interview Questions and Answers

Basic Questions (80)

1. What is Cisco ACI?

Answer: Cisco ACI (Application Centric Infrastructure) is a software-defined networking

(SDN) solution for data centers. It automates network management using policies, making
it easier to deploy and manage applications. Scenario: Imagine a data center where you
manually configure each switch. ACI acts like a "smart manager" that automates this.
Memory Tip: Think of ACI as "Automated Control Intelligence" for networks. Picture a
robot managing your network switches.

2. What are the main components of ACI architecture?

Answer: Spine switches, Leaf switches, and APIC (Application Policy Infrastructure
Controller). Scenario: In a data center, spines connect all leaf switches, and APIC is the
brain controlling them. Memory Tip: Use "SLA" (Spine, Leaf, APIC). Imagine a tree: Spine
(trunk), Leaf (branches), APIC (gardener).

3. What is the role of APIC?

Answer: APIC is the centralized controller that manages policies, automates configurations,
and monitors the ACI fabric. Scenario: If a new application needs specific network settings,
APIC applies them across the fabric instantly. Memory Tip: APIC = "Application Policy In
Charge." Picture a conductor leading an orchestra.

4. What is a Tenant in ACI?

Answer: A Tenant is a logical container for policies, isolating applications or customers, like
a virtual network. Scenario: A company hosts two clients; each client’s network is a
separate Tenant. Memory Tip: Think of Tenants as "apartments" in a building, each with its
own rules.

5. What is a Bridge Domain (BD)?

Answer: A Bridge Domain is a Layer 2 forwarding domain, similar to a VLAN, defining how
devices communicate. Scenario: Servers in the same BD can talk without routing, like
devices in the same VLAN. Memory Tip: BD = "Bridge for Devices." Imagine a bridge
connecting devices in a neighborhood.

6. What is an Endpoint Group (EPG)?

Answer: An EPG groups endpoints (like servers or VMs) with similar policy needs, like
security or QoS. Scenario: All web servers in an app are grouped in one EPG for consistent
policies. Memory Tip: EPG = "Endpoint Party Group." Picture a party where similar devices
hang out.

7. What are Contracts in ACI?

Answer: Contracts define rules for communication between EPGs, like a firewall policy.
Scenario: An EPG for web servers allows HTTP traffic from a client EPG via a Contract.
Memory Tip: Contracts = "Communication Contracts." Think of a handshake agreement
between groups.

8. What is the ACI Fabric?

Answer: The ACI Fabric is the network of Spine and Leaf switches managed by APIC,
forming a scalable data center network. Scenario: A large data center uses the fabric to
connect thousands of servers efficiently. Memory Tip: Fabric = "Network Fabric." Imagine a
woven cloth connecting all devices.

9. What switches are used in ACI?

Answer: Cisco Nexus 9000 series, with Nexus 9500 as spines and Nexus 9300 as leaves.
Scenario: A data center upgrades to Nexus 9300 for leaf switches to support ACI. Memory
Tip: 9 = Nexus 9000. Picture "9" for nine-thousand series switches.

10. What is Spine-Leaf architecture?

Answer: A two-tier design where Leaf switches connect endpoints, and Spine switches
connect all Leaves, ensuring scalability.

Scenario: In a data center, Leaf switches connect servers, and Spines link all Leaves for fast
communication.

Memory Tip: Think of a "spine" (backbone) supporting "leaves" (branches) in a tree.

11. What protocol do Spine and Leaf switches use internally?

Answer: IS-IS (Intermediate System to Intermediate System) for routing within the fabric.
Scenario: IS-IS ensures Spine and Leaf switches share routing info for efficient data paths.
Memory Tip: IS-IS = "Inside System for Internal Switching." Picture a GPS for the fabric.

12. What is VXLAN in ACI?

Answer: VXLAN (Virtual Extensible LAN) is a tunneling protocol that ACI uses to create
scalable, isolated networks. Scenario: VXLAN allows servers in different locations to act
like they’re on the same LAN. Memory Tip: VXLAN = "Virtual Xtra LAN." Think of a virtual
highway connecting networks.

13. What is an Application Profile (ANP)?

Answer: An Application Profile groups EPGs and Contracts for a specific application.
Scenario: A web app has an ANP with EPGs for web, app, and database servers. Memory
Tip: ANP = "App’s Network Plan." Picture a blueprint for an app’s network.

14. What is the Global Station Table (GST)?

Answer: GST is a database on Spine switches storing all endpoint information in the ACI
fabric. Scenario: When a Leaf needs to find an endpoint, it queries the Spine’s GST.
Memory Tip: GST = "Global Switch Table." Imagine a global phonebook for endpoints.

15. What is the Local Station Table (LST)?

Answer: LST is a database on Leaf switches storing local endpoint information. Scenario: A
Leaf uses its LST to forward packets to directly connected servers. Memory Tip: LST =
"Local Switch Table." Think of a local address book.

16. What is the purpose of VRF in ACI?

Answer: VRF (Virtual Routing and Forwarding) provides Layer 3 isolation within a Tenant.
Scenario: Two departments in a Tenant use separate VRFs for isolated routing. Memory
Tip: VRF = "Virtual Route Fence." Picture a fence separating traffic routes.

17. How does ACI handle VLANs?

Answer: ACI maps VLANs to EPGs and Bridge Domains, abstracting them from physical
interfaces. Scenario: A server tagged with VLAN 10 is mapped to an EPG for policy
application. Memory Tip: VLAN = "Virtual LAN in ACI." Think of VLANs as labels for EPGs.

18. What is a Fabric Extender (FEX) in ACI?

Answer: FEX extends Leaf switch ports to connect more endpoints without adding
switches. Scenario: A data center uses FEX to connect additional servers to a Leaf switch.
Memory Tip: FEX = "Fabric EXtender." Imagine an extension cord for ports.

19. What is the role of MP-BGP in ACI?

Answer: Multi-Protocol BGP (MP-BGP) distributes endpoint information across the fabric.
Scenario: MP-BGP ensures a new server’s IP is known to all switches. Memory Tip: MP-
BGP = "Multi-Path Border Gateway Protocol." Picture a mail carrier spreading endpoint
news.

20. What is a Policy Layer in ACI?

Answer: The Policy Layer is where administrators define logical policies via APIC, like EPGs
and Contracts. Scenario: You set up a policy to allow web traffic using APIC’s GUI. Memory
Tip: Policy Layer = "Plan Layer." Imagine planning a party’s rules.
21. What is a Physical Domain in ACI?

Answer: A Physical Domain maps physical ports to VLAN pools for connectivity. Scenario:
Servers connected to a Leaf switch use a Physical Domain to access the fabric. Memory Tip:
Physical Domain = "Port Domain." Picture a door for physical connections.

22. What is an Access Policy in ACI?

Answer: Access Policies define how Leaf switch ports connect to endpoints, like VLAN
assignments. Scenario: You configure a Leaf port to accept VLAN 10 traffic for a server.
Memory Tip: Access Policy = "Access Pass." Think of a ticket for port access.

23. What is a VLAN Pool in ACI?

Answer: A VLAN Pool is a range of VLANs assigned to Physical or Virtual Domains.

Scenario: A VLAN Pool of 10-100 is used for server connectivity. Memory Tip: VLAN Pool
= "VLAN Bucket." Imagine a bucket holding VLAN numbers.

24. What is an Endpoint in ACI?

Answer: An Endpoint is a device (like a server or VM) connected to the ACI fabric.
Scenario: A web server connected to a Leaf switch is an Endpoint. Memory Tip: Endpoint
= "End Device." Picture the "end" of a network cable.

25. What is the difference between a Tenant and a VRF?

Answer: A Tenant is a logical container for policies; a VRF is a routing table within a Tenant
for Layer 3 isolation. Scenario: A Tenant hosts two apps, each with its own VRF for
separate routing. Memory Tip: Tenant = "House," VRF = "Room." A house has multiple
rooms.

26. What is a Context in ACI?

Answer: Context is another term for VRF, providing Layer 3 isolation in a Tenant. Scenario:
A Tenant has two Contexts to separate prod and dev traffic. Memory Tip: Context =
"Container for Xtra Traffic." Picture a box for routing.

27. What is a Fabric Discovery process in ACI?

Answer: Fabric Discovery is how switches join the ACI fabric, registering with APIC using
LLDP. Scenario: A new Leaf switch is connected and automatically joins the fabric. Memory
Tip: Fabric Discovery = "Finding Friends." Imagine switches saying "hello" to APIC.

28. What is LLDP in ACI?

Answer: LLDP (Link Layer Discovery Protocol) helps switches discover neighbors in the
ACI fabric. Scenario: A Leaf switch uses LLDP to identify a connected Spine switch.
Memory Tip: LLDP = "Link Layer Detective Protocol." Picture a detective finding neighbors.

29. What is a Policy Group in ACI?

Answer: A Policy Group bundles interface settings, like speed or VLANs, for Leaf ports.
Scenario: You apply a Policy Group to multiple ports for consistent server connectivity.
Memory Tip: Policy Group = "Port Group." Think of a group hug for ports.

30. What is an Interface Policy in ACI?

Answer: Interface Policies define port settings, like speed or duplex, applied via Policy
Groups. Scenario: You set a 10Gbps Interface Policy for server ports. Memory Tip:
Interface Policy = "Interface Plan." Picture a plan for port behavior.

31. What is a Switch Policy in ACI?

Answer: Switch Policies configure switch-wide settings, like SNMP or NTP, for Leaf or Spine
switches. Scenario: You enable SNMP on all Leaf switches using a Switch Policy. Memory
Tip: Switch Policy = "Switch Settings." Imagine a settings menu for switches.

32. What is a Pod in ACI?

Answer: A Pod is a group of Spine and Leaf switches in one physical location, managed as a
unit. Scenario: A data center has two Pods for redundancy. Memory Tip: Pod = "Pack of
Devices." Picture a pod of whales swimming together.

33. What is a Multi-Pod ACI setup?

Answer: Multi-Pod connects multiple Pods using an Inter-Pod Network (IPN) for
scalability. Scenario: Two data centers operate as one ACI fabric using Multi-Pod. Memory
Tip: Multi-Pod = "Many Pods." Imagine multiple whale pods linked by a sea.

34. What is a Multi-Site ACI setup?

Answer: Multi-Site connects separate ACI fabrics across locations, managed by a Multi-Site
Orchestrator (MSO). Scenario: ACI fabrics in New York and London are linked for global
apps. Memory Tip: Multi-Site = "Multiple Sites." Picture different cities connected by
bridges.

35. What is a Filter in ACI?

Answer: A Filter defines traffic rules (e.g., protocol, port) used in Contracts. Scenario: A
Filter allows TCP port 80 for HTTP traffic in a Contract. Memory Tip: Filter = "Traffic
Filter." Think of a coffee filter letting only certain traffic through.
36. What is a Subject in ACI?

Answer: A Subject links Filters to a Contract, specifying traffic direction or actions.

Scenario: A Subject in a Contract allows HTTP traffic from clients to servers. Memory Tip:
Subject = "Sub-rule of Contract." Picture a chapter in a contract book.

37. What is a Taboo Contract in ACI?

Answer: A Taboo Contract denies specific traffic, overriding other Contracts. Scenario: A
Taboo Contract blocks SSH traffic to an EPG despite other permissions. Memory Tip: Taboo
= "Traffic Ban." Think of a "no entry" sign for traffic.

38. What is a Common Tenant?

Answer: The Common Tenant holds shared resources (like Contracts) used by multiple
Tenants. Scenario: A shared DNS service is placed in the Common Tenant for all apps.
Memory Tip: Common Tenant = "Community Tenant." Picture a shared community center.

39. What is the Infra Tenant?

Answer: The Infra Tenant manages fabric-wide configurations, like VLAN pools or physical
ports. Scenario: You configure a VLAN pool in the Infra Tenant for server access. Memory
Tip: Infra Tenant = "Infrastructure Tenant." Think of the foundation of a building.

40. What is the Mgmt Tenant?

Answer: The Mgmt Tenant handles management traffic, like APIC access or monitoring.
Scenario: You configure an out-of-band network in the Mgmt Tenant for APIC. Memory
Tip: Mgmt Tenant = "Management Tenant." Picture a control room for admins.

41. What is a VLAN Encapsulation in ACI?

Answer: VLAN Encapsulation maps VLAN tags to EPGs for traffic identification. Scenario:
A server’s VLAN 20 traffic is encapsulated to an EPG for policy enforcement. Memory Tip:
Encapsulation = "Envelope for VLAN." Imagine wrapping VLANs in an envelope.

42. What is a Port Channel in ACI?

Answer: A Port Channel bundles multiple physical ports for higher bandwidth and
redundancy. Scenario: Two Leaf ports are bundled to a server for 20Gbps connectivity.
Memory Tip: Port Channel = "Port Bundle." Picture tying ports together like a rope.

43. What is a Virtual Port Channel (vPC) in ACI?

Answer: vPC allows two Leaf switches to act as one for redundant endpoint connectivity.
Scenario: A server connects to two Leaf switches via vPC for failover. Memory Tip: vPC =
"Virtual Port Combo." Imagine two switches teaming up as one.
44. What is an Access Entity Profile (AEP)?

Answer: AEP links Physical Domains to switch ports for endpoint connectivity. Scenario:
An AEP assigns a VLAN pool to Leaf ports for server access. Memory Tip: AEP = "Access
Entry Point." Picture a gate for endpoint access.

45. What is a Leaf Profile in ACI?

Answer: A Leaf Profile groups switch policies for specific Leaf switches. Scenario: You
apply a Leaf Profile to configure SNMP on multiple Leaf switches. Memory Tip: Leaf Profile
= "Leaf Personality." Think of a personality for each Leaf.

46. What is a Spine Profile in ACI?

Answer: A Spine Profile groups switch policies for Spine switches. Scenario: You configure
BGP settings on Spines using a Spine Profile. Memory Tip: Spine Profile = "Spine Settings."
Picture a backbone with specific traits.

47. What is a Fabric Membership in ACI?

Answer: Fabric Membership registers a switch with APIC, assigning it a Node ID. Scenario:
A new Leaf switch is added to the fabric with Node ID 101. Memory Tip: Fabric
Membership = "Fabric Club." Imagine switches joining a club.

48. What is a Node ID in ACI?

Answer: A Node ID uniquely identifies a switch in the ACI fabric. Scenario: Leaf switch 101
and Spine switch 201 have unique Node IDs. Memory Tip: Node ID = "Network ID." Picture
a name tag for switches.

49. What is a TEP in ACI?

Answer: TEP (Tunnel Endpoint) is an IP address assigned to switches for VXLAN tunneling.
Scenario: A Leaf switch uses its TEP to send VXLAN packets to another Leaf. Memory Tip:
TEP = "Tunnel Entry Point." Think of a tunnel entrance for traffic.

50. What is a Proxy ARP in ACI?

Answer: Proxy ARP allows the fabric to respond to ARP requests on behalf of endpoints.
Scenario: A server sends an ARP request, and the Leaf switch replies using Proxy ARP.
Memory Tip: Proxy ARP = "Proxy Answer for Requests." Picture a secretary answering for
someone.

51. What is a Unicast Routing in ACI?

Answer: Unicast Routing enables Layer 3 forwarding within a Bridge Domain or VRF.
Scenario: You enable Unicast Routing in a BD to allow servers to communicate across
subnets. Memory Tip: Unicast = "One-to-One Cast." Imagine a direct phone call.

52. What is a Subnet in ACI?

Answer: A Subnet defines an IP range in a Bridge Domain for endpoint addressing.

Scenario: A BD has a subnet of 192.168.1.0/24 for web servers. Memory Tip: Subnet =
"Sub-Network." Picture a neighborhood in a city.

53. What is a Gateway in ACI?

Answer: A Gateway is the default IP address in a Bridge Domain for routing traffic.
Scenario: Servers in a BD use 192.168.1.1 as their default gateway. Memory Tip: Gateway
= "Gate to Way Out." Imagine a gate to leave the network.

54. What is a L2 Unknown Unicast in ACI?

Answer: L2 Unknown Unicast defines how the fabric handles unknown MAC addresses
(flood or proxy). Scenario: You set L2 Unknown Unicast to "flood" for a BD to broadcast
unknown traffic. Memory Tip: L2 Unknown = "Lost Layer 2." Picture a lost letter being
shouted out.

55. What is a L3 Unknown Multicast in ACI?

Answer: L3 Unknown Multicast defines how unknown multicast traffic is handled (flood or
drop). Scenario: You configure a BD to drop unknown multicast traffic for security.
Memory Tip: L3 Unknown = "Lost Layer 3 Multicast." Imagine ignoring unknown group
messages.

56. What is ARP Flooding in ACI?

Answer: ARP Flooding broadcasts ARP requests in a Bridge Domain if Proxy ARP is
disabled. Scenario: You enable ARP Flooding in a BD for legacy devices. Memory Tip: ARP
Flooding = "ARP Flood." Picture a flood of ARP questions.

57. What is a Fabric Port in ACI?

Answer: A Fabric Port connects Leaf switches to Spine switches in the ACI fabric. Scenario:
A Leaf’s uplink port to a Spine is a Fabric Port. Memory Tip: Fabric Port = "Fabric Link."
Imagine a bridge between Leaf and Spine.

58. What is an Access Port in ACI?

Answer: An Access Port connects endpoints (like servers) to Leaf switches. Scenario: A
server is plugged into a Leaf’s Access Port with VLAN 10. Memory Tip: Access Port =
"Access Point." Picture a door for servers.
59. What is a Trunk Port in ACI?

Answer: A Trunk Port carries multiple VLANs for connectivity to endpoints or other
switches. Scenario: A Trunk Port connects a Leaf to a legacy switch with VLANs 10-20.
Memory Tip: Trunk Port = "Trunk of VLANs." Imagine a tree trunk carrying multiple
branches.

60. What is a Policy Enforcement in ACI?

Answer: Policy Enforcement applies Contracts to control traffic between EPGs. Scenario: A
Contract enforces that only HTTP traffic is allowed between two EPGs. Memory Tip: Policy
Enforcement = "Policy Police." Picture a cop enforcing traffic rules.

61. What is a Consumer EPG in ACI?

Answer: A Consumer EPG receives traffic as defined by a Contract. Scenario: A client EPG
is a Consumer requesting HTTP from a web server EPG. Memory Tip: Consumer =
"Customer EPG." Think of a customer buying services.

62. What is a Provider EPG in ACI?

Answer: A Provider EPG sends traffic as defined by a Contract. Scenario: A web server EPG
is a Provider offering HTTP to a client EPG. Memory Tip: Provider = "Producer EPG."
Picture a shop providing goods.

63. What is a L3Out in ACI?

Answer: L3Out connects the ACI fabric to external Layer 3 networks, like the internet.
Scenario: An L3Out connects the fabric to a WAN router for external access. Memory Tip:
L3Out = "Layer 3 Out." Imagine an exit to the outside world.

64. What is a L2Out in ACI?

Answer: L2Out extends a Bridge Domain to an external Layer 2 network. Scenario: An

L2Out connects a BD to a legacy VLAN for server migration. Memory Tip: L2Out = "Layer 2
Out." Picture a bridge to an external VLAN.

65. What is a Static Binding in ACI?

Answer: Static Binding manually maps an EPG to a port and VLAN for endpoint
connectivity. Scenario: You bind a server’s port to an EPG with VL

65. What is a Static Binding in ACI?

Answer: Static Binding manually maps an EPG to a port and VLAN for endpoint
connectivity. Scenario: You bind a server’s port to an EPG with VLAN 10 for fixed
connectivity. Memory Tip: Static Binding = "Sticky Binding." Imagine gluing an EPG to a
port.

66. What is a Dynamic Binding in ACI?

Answer: Dynamic Binding automatically maps EPGs to ports using protocols like LLDP or
CDP. Scenario: A VM’s port is dynamically assigned to an EPG via VMware integration.
Memory Tip: Dynamic Binding = "Dancing Binding." Picture ports dancing to EPGs
automatically.

67. What is a Microsegmentation in ACI?

Answer: Microsegmentation applies policies to individual endpoints within an EPG for

granular control. Scenario: You isolate a specific server in an EPG to block SSH traffic.
Memory Tip: Microsegmentation = "Micro Split." Imagine splitting an EPG into tiny pieces.

68. What is a Service Graph in ACI?

Answer: A Service Graph inserts network services (like firewalls) into the traffic path
between EPGs. Scenario: A Service Graph routes traffic through a firewall between two
EPGs. Memory Tip: Service Graph = "Service Map." Picture a map directing traffic through
services.

69. What is a Device Package in ACI?

Answer: A Device Package is a software plugin for APIC to manage third-party devices, like
firewalls. Scenario: You upload a Device Package to manage a Palo Alto firewall in ACI.
Memory Tip: Device Package = "Device Plugin." Imagine a USB plugin for devices.

70. What is a Fabric Interface in ACI?

Answer: A Fabric Interface is a logical interface for fabric connectivity, like VXLAN tunnels.
Scenario: A Leaf uses a Fabric Interface to send VXLAN traffic to a Spine. Memory Tip:
Fabric Interface = "Fabric Face." Picture the face of fabric communication.

71. What is a VMM Domain in ACI?

Answer: A VMM (Virtual Machine Manager) Domain integrates ACI with virtualization
platforms like VMware. Scenario: A VMM Domain connects ACI to vCenter for VM policy
management. Memory Tip: VMM Domain = "Virtual Machine Mate." Imagine a partner for
VMs.

72. What is a Hypervisor Integration in ACI?

Answer: Hypervisor Integration connects ACI to hypervisors (e.g., VMware, Hyper-V) for
VM networking. Scenario: ACI applies EPG policies to VMs via vCenter integration.
Memory Tip: Hypervisor Integration = "Hyper Link." Picture a hyperlink to VMs.
73. What is a Policy-Based Redirect (PBR) in ACI?

Answer: PBR redirects traffic to a service device, like a load balancer, based on policies.
Scenario: Traffic to a web EPG is redirected to a load balancer using PBR. Memory Tip:
PBR = "Policy-Based Road." Imagine a road detour to a service.

74. What is a Fault in ACI?

Answer: A Fault is an error or warning in the ACI fabric, like a port down or
misconfiguration. Scenario: A Fault appears when a Leaf port loses connectivity. Memory
Tip: Fault = "Fabric Alert." Picture a red alert for problems.

75. What is an Event in ACI?

Answer: An Event is a logged action in ACI, like a policy change or switch reboot. Scenario:
An Event is logged when you create a new EPG. Memory Tip: Event = "ACI Diary Entry."
Imagine a diary noting fabric actions.

76. What is a Health Score in ACI?

Answer: A Health Score indicates the operational status of ACI components, from 0 (bad) to
100 (good). Scenario: A Leaf switch with a downed port has a Health Score of 80. Memory
Tip: Health Score = "Fabric Fitness." Picture a fitness score for switches.

77. What is a Managed Object in ACI?

Answer: A Managed Object is any configurable entity in ACI, like an EPG or Contract.
Scenario: You modify a Managed Object to update a Contract’s Filter. Memory Tip:
Managed Object = "Managed Item." Imagine items in a management app.

78. What is the ACI GUI?

Answer: The ACI GUI is the web interface of APIC for configuring and monitoring the fabric.
Scenario: You use the GUI to create a new Tenant and EPG. Memory Tip: ACI GUI =
"Graphic User Interface." Picture a dashboard for ACI.

79. What is the ACI CLI?

Answer: The ACI CLI is the command-line interface for configuring and troubleshooting
APIC. Scenario: You use the CLI to check a Leaf switch’s status. Memory Tip: ACI CLI =
"Command Line Input." Imagine typing commands in a terminal.

80. What is a Snapshot in ACI?

Answer: A Snapshot is a backup of the ACI fabric’s configuration at a specific time.

Scenario: You take a Snapshot before a major policy change for rollback. Memory Tip:
Snapshot = "System Photo." Picture a photo of the fabric’s state.
Intermediate Questions (80)

81. How does ACI handle multicast traffic?

Answer: ACI uses PIM (Protocol Independent Multicast) within Bridge Domains to manage
multicast traffic. Scenario: A video streaming app uses multicast in a BD for efficient
delivery. Memory Tip: Multicast = "Multi Cast." Picture a radio broadcast to many listeners.

82. What is a GARP in ACI?

Answer: GARP (Gratuitous ARP) is used by ACI to update endpoint MAC-to-IP mappings.
Scenario: A VM migrates, and ACI sends a GARP to update the fabric. Memory Tip: GARP =
"Gratuitous Address Refresh." Imagine shouting a new address.

83. How does ACI support QoS?

Answer: ACI applies QoS policies to prioritize traffic using Contracts and EPGs. Scenario:
You prioritize VoIP traffic in a Contract for low latency. Memory Tip: QoS = "Quality of
Service." Picture a VIP lane for important traffic.

84. What is a Contract Scope in ACI?

Answer: Contract Scope defines where a Contract applies: VRF, Tenant, or Global. Scenario:
A Contract with Tenant scope applies only within one Tenant. Memory Tip: Scope = "Span
of Control." Imagine a spotlight’s range.

85. What is a Preferred Group in ACI?

Answer: A Preferred Group allows unrestricted communication between EPGs within a

VRF. Scenario: You add EPGs to a Preferred Group for open communication in a VRF.
Memory Tip: Preferred Group = "VIP Club." Picture a club with no restrictions.

86. What is an External EPG in ACI?

Answer: An External EPG represents external devices connected via L3Out or L2Out.
Scenario: An External EPG defines a WAN router for internet access. Memory Tip: External
EPG = "Outside EPG." Imagine a guest from outside the fabric.

87. How does ACI handle load balancing?

Answer: ACI uses PBR or external load balancers integrated via Service Graphs. Scenario:
A Service Graph directs web traffic to a load balancer for distribution. Memory Tip: Load
Balancing = "Load Sharing." Picture a waiter distributing plates.

88. What is a VMM Integration with VMware?

Answer: VMM Integration connects ACI to VMware vCenter, mapping VMs to EPGs
dynamically. Scenario: A new VM in vCenter is automatically assigned to a web EPG.
Memory Tip: VMM Integration = "VM Mate." Imagine VMs marrying ACI policies.

89. What is a Fabric Access Policy?

Answer: Fabric Access Policies configure how Leaf ports connect to endpoints, like VLANs
or port channels. Scenario: You create a Fabric Access Policy for a server’s VLAN 10 port.
Memory Tip: Fabric Access = "Fabric Door." Picture a door for endpoint entry.

90. What is a Rogue Endpoint in ACI?

Answer: A Rogue Endpoint is an endpoint behaving abnormally, like sending excessive

traffic. Scenario: ACI isolates a server sending floods as a Rogue Endpoint. Memory Tip:
Rogue Endpoint = "Rebel Endpoint." Imagine a troublemaker in the network.

91. What is Endpoint Learning in ACI?

Answer: Endpoint Learning is how ACI discovers and tracks endpoints’ MAC and IP
addresses. Scenario: A new server connects, and ACI learns its MAC via ARP. Memory Tip:
Endpoint Learning = "Endpoint Lessons." Picture ACI studying endpoints.

92. What is a COOP Database in ACI?

Answer: COOP (Council of Oracle Protocol) Database synchronizes endpoint info across
Spines. Scenario: A new endpoint’s info is shared via COOP to all Spines. Memory Tip:
COOP = "Cooperative Oracle." Imagine Spines cooperating like a council.

93. What is a Fabric Path in ACI?

Answer: A Fabric Path is the route traffic takes through the Spine-Leaf fabric. Scenario:
Traffic from a server to another uses a Fabric Path via a Spine. Memory Tip: Fabric Path =
"Fabric Road." Picture a highway through the fabric.

94. What is a Multi-Destination Traffic in ACI?

Answer: Multi-Destination Traffic includes broadcast, multicast, or unknown unicast

traffic. Scenario: A BD floods broadcast traffic to all ports for discovery. Memory Tip:
Multi-Destination = "Multi-Direction." Imagine a megaphone shouting everywhere.

95. What is a Transit Routing in ACI?

Answer: Transit Routing allows routing between VRFs or external networks via L3Out.
Scenario: An L3Out routes traffic between two Tenants’ VRFs. Memory Tip: Transit
Routing = "Transit Tunnel." Picture a tunnel between networks.

96. What is a Shared Service in ACI?

Answer: Shared Service allows multiple Tenants to access resources in the Common
Tenant. Scenario: A DNS server in the Common Tenant serves multiple Tenants. Memory
Tip: Shared Service = "Shared Shop." Imagine a shop open to all Tenants.

97. What is a Contract Inheritance in ACI?

Answer: Contract Inheritance allows a Contract to be reused across multiple EPGs or ANPs.
Scenario: A parent Contract is inherited by child EPGs for HTTP access. Memory Tip:
Inheritance = "Inherited Rules." Picture kids inheriting parents’ rules.

98. What is a vzAny in ACI?

Answer: vzAny is a wildcard representing all EPGs in a VRF for simplified Contracts.
Scenario: A Contract with vzAny allows all EPGs in a VRF to communicate. Memory Tip:
vzAny = "Very Zany." Imagine a wild card for all EPGs.

99. What is a Fabric Loopback in ACI?

Answer: A Fabric Loopback is a logical interface on switches for internal communication,

like TEP. Scenario: A Leaf uses a loopback for VXLAN tunneling to another Leaf. Memory
Tip: Loopback = "Loop Link." Picture a loop for internal chats.

100. What is a Policy Compression in ACI?

Answer: Policy Compression optimizes Contracts to reduce hardware resource usage.

Scenario: Multiple Filters are compressed into one rule for efficiency. Memory Tip:
Compression = "Compact Policy." Imagine zipping policies for space.

101. What is a L4-L7 Service Integration in ACI?

Answer: L4-L7 Service Integration inserts services like firewalls or load balancers using
Service Graphs. Scenario: A firewall is inserted between EPGs for security checks. Memory
Tip: L4-L7 = "Layer 4-7 Link." Picture a link to advanced services.

102. What is a Tenant VRF Leakage?

Answer: VRF Leakage allows controlled routing between VRFs within or across Tenants.
Scenario: You leak routes between prod and dev VRFs for shared services. Memory Tip:
Leakage = "Leaky Routes." Imagine a pipe leaking routes.

103. What is a Fabric Forwarding Mode in ACI?

Answer: Fabric Forwarding Mode (Proxy or Flood) defines how unknown traffic is handled.
Scenario: Proxy mode uses Spines to resolve unknown endpoints. Memory Tip:
Forwarding Mode = "Forwarding Method." Picture a method for lost packets.

104. What is a Multi-Tenant Design in ACI?

Answer: Multi-Tenant Design isolates customers or apps using separate Tenants for
security. Scenario: A cloud provider uses Tenants for each customer’s network. Memory
Tip: Multi-Tenant = "Multi-Apartment." Imagine apartments for customers.

105. What is a Policy Tag in ACI?

Answer: A Policy Tag labels policies for organization or automation. Scenario: You tag an
EPG with “Web” for easy identification. Memory Tip: Policy Tag = "Policy Label." Picture a
tag on a suitcase.

106. What is a Fabric Upgrade in ACI?

Answer: A Fabric Upgrade updates APIC and switch firmware with minimal disruption.
Scenario: You upgrade the fabric to a new ACI version overnight. Memory Tip: Upgrade =
"Update Grade." Imagine grading up the fabric’s software.

107. What is a Rollback in ACI?

Answer: Rollback reverts the fabric to a previous configuration using a Snapshot. Scenario:
After a failed policy change, you rollback to a Snapshot. Memory Tip: Rollback = "Rewind
Back." Picture rewinding a tape.

108. What is a Backup in ACI?

Answer: A Backup saves the ACI configuration to an external server for recovery. Scenario:
You schedule nightly Backups to a remote FTP server. Memory Tip: Backup = "Safety Copy."
Imagine copying files for safety.

109. What is a Fault Suppression in ACI?

Answer: Fault Suppression disables specific Faults to reduce unnecessary alerts. Scenario:
You suppress a minor port flap Fault to avoid noise. Memory Tip: Suppression = "Silence
Faults." Picture muting annoying alerts.

110. What is a Monitoring Policy in ACI?

Answer: A Monitoring Policy defines how ACI collects and reports telemetry data.
Scenario: You set a Monitoring Policy to track bandwidth usage. Memory Tip: Monitoring
Policy = "Monitor Plan." Picture a plan to watch the fabric.

111. What is a syslog in ACI?

Answer: Syslog sends ACI logs to an external server for analysis. Scenario: You configure
syslog to send Faults to a monitoring tool. Memory Tip: Syslog = "System Log." Imagine a
logbook sent to a server.

112. What is SNMP in ACI?

Answer: SNMP (Simple Network Management Protocol) monitors ACI devices externally.
Scenario: You enable SNMP to track switch health via a tool like SolarWinds. Memory Tip:
SNMP = "Simple Network Monitor." Picture a monitor watching switches.

113. What is a Call Home in ACI?

Answer: Call Home sends alerts to Cisco or admins for critical issues. Scenario: A
hardware failure triggers a Call Home to Cisco support. Memory Tip: Call Home = "Cry for
Help." Imagine calling home for support.

114. What is a TACACS+ Integration in ACI?

Answer: TACACS+ Integration provides centralized authentication for ACI access.

Scenario: Admins log into APIC using TACACS+ credentials. Memory Tip: TACACS = "Tight
Access Control." Picture a security guard for logins.

115. What is a RBAC in ACI?

Answer: RBAC (Role-Based Access Control) assigns permissions to users based on roles.
Scenario: You create an “Operator” role with read-only access to APIC. Memory Tip: RBAC
= "Role-Based Access." Imagine roles as job titles.

116. What is a Security Domain in ACI?

Answer: A Security Domain restricts user access to specific Tenants or resources.

Scenario: You assign a user to a Security Domain for one Tenant only. Memory Tip:
Security Domain = "Secure Zone." Picture a restricted area.

117. What is a Fabric Inventory in ACI?

Answer: Fabric Inventory lists all switches, ports, and modules in the ACI fabric. Scenario:
You check the Fabric Inventory to verify a new Leaf switch. Memory Tip: Inventory = "Item
List." Imagine a warehouse stock list.

118. What is a Capacity Dashboard in ACI?

Answer: The Capacity Dashboard shows resource usage, like VLANs or endpoints.
Scenario: You use the Dashboard to check available VLANs in a pool. Memory Tip:
Capacity Dashboard = "Resource Radar." Picture a radar for resources.

119. What is a Fabric Troubleshooting in ACI?

Answer: Fabric Troubleshooting uses tools like Traceroute or Faults to diagnose issues.
Scenario: You use Traceroute to find a connectivity issue between EPGs. Memory Tip:
Troubleshooting = "Trouble Hunt." Imagine hunting for network issues.

120. What is a SPAN in ACI?

Answer: SPAN (Switched Port Analyzer) mirrors traffic for monitoring or debugging.
Scenario: You configure SPAN to capture traffic from a server port. Memory Tip: SPAN =
"Spy on Packets." Picture a spy watching traffic.

121. What is an ERSPAN in ACI?

Answer: ERSPAN (Encapsulated Remote SPAN) sends mirrored traffic over a network.
Scenario: You use ERSPAN to send traffic to a remote analyzer. Memory Tip: ERSPAN =
"Extended Remote Spy." Picture a long-distance spy.

122. What is a Fabric Audit Log?

Answer: The Fabric Audit Log tracks all configuration changes in ACI. Scenario: You review
the Audit Log to find who created an EPG. Memory Tip: Audit Log = "Action Diary." Imagine
a diary of fabric actions.

123. What is a VRF Lite in ACI?

Answer: VRF Lite is a simplified VRF configuration for basic routing without MP-BGP.
Scenario: You use VRF Lite for a small Tenant with no external routing. Memory Tip: VRF
Lite = "Light VRF." Picture a lightweight routing box.

124. What is a Contract Filter Chain?

Answer: A Contract Filter Chain combines multiple Filters for complex traffic rules.
Scenario: A Contract uses a Filter Chain to allow HTTP and HTTPS. Memory Tip: Filter
Chain = "Filter Link." Imagine linking rules together.

125. What is a Policy Cam in ACI?

Answer: Policy CAM (Content Addressable Memory) stores policy rules in hardware for
fast lookup. Scenario: A Leaf uses Policy CAM to enforce Contracts quickly. Memory Tip:
Policy CAM = "Policy Cache." Picture a fast-access cache for rules.

126. What is a Fabric Scale in ACI?

Answer: Fabric Scale defines the maximum number of endpoints, EPGs, or switches
supported. Scenario: You check the Fabric Scale to plan for 10,000 endpoints. Memory
Tip: Scale = "Size Capacity." Imagine measuring the fabric’s size.

127. What is a VRF Route Leaking?

Answer: VRF Route Leaking shares routes between VRFs for controlled communication.
Scenario: You leak a route from a prod VRF to a dev VRF for testing. Memory Tip: Route
Leaking = "Route Spill." Picture spilling routes between VRFs.

128. What is a Fabric Path Egress?

Answer: Fabric Path Egress is the Leaf port where traffic exits the fabric. Scenario: Traffic
to a server exits via a specific Leaf port. Memory Tip: Egress = "Exit Gate." Picture a gate for
outgoing traffic.

129. What is a Fabric Path Ingress?

Answer: Fabric Path Ingress is the Leaf port where traffic enters the fabric. Scenario: A
server’s traffic enters the fabric via a Leaf’s ingress port. Memory Tip: Ingress = "Entry
Gate." Picture a gate for incoming traffic.

130. What is a Contract Deny Rule?

Answer: A Contract Deny Rule explicitly blocks specific traffic in a Contract. Scenario: A
Contract Deny Rule blocks SSH traffic between EPGs. Memory Tip: Deny Rule = "No Way
Rule." Imagine a “no entry” sign.

131. What is a Policy Lookup in ACI?

Answer: Policy Lookup checks Contracts to determine if traffic is allowed. Scenario: A Leaf
performs a Policy Lookup to allow HTTP traffic. Memory Tip: Policy Lookup = "Policy
Check." Picture checking a rulebook.

132. What is a Fabric Redundancy?

Answer: Fabric Redundancy uses multiple Spines, Leaves, and APICs for high availability.
Scenario: A failed Spine is bypassed using redundant paths. Memory Tip: Redundancy =
"Backup Plan." Imagine a spare tire for the fabric.

133. What is a Leaf Redundancy?

Answer: Leaf Redundancy uses vPC or multiple Leaf connections for endpoint failover.
Scenario: A server connects to two Leaves for uninterrupted access. Memory Tip: Leaf
Redundancy = "Leaf Backup." Picture a backup Leaf waiting.

134. What is a Spine Redundancy?

Answer: Spine Redundancy uses multiple Spines to ensure fabric connectivity. Scenario:
Traffic reroutes through another Spine if one fails. Memory Tip: Spine Redundancy =
"Spine Spare." Picture a spare backbone.

135. What is an APIC Cluster?

Answer: An APIC Cluster is a group of APIC controllers for redundancy and scalability.
Scenario: Three APICs form a cluster to manage a large fabric. Memory Tip: APIC Cluster =
"APIC Crew." Imagine a team of controllers.

136. What is a Fabric Initialization?

Answer: Fabric Initialization sets up the ACI fabric, assigning Node IDs and TEPs. Scenario:
You initialize a new fabric by connecting switches to APIC. Memory Tip: Initialization =
"Ignition Start." Picture starting the fabric engine.

137. What is a Fabric Decommission?

Answer: Fabric Decommission removes a switch from the ACI fabric safely. Scenario: You
decommission a faulty Leaf switch for replacement. Memory Tip: Decommission =
"Dismiss Switch." Imagine firing a switch from the fabric.

138. What is a Policy Resolution in ACI?

Answer: Policy Resolution determines which Contract applies when multiple exist.
Scenario: A specific Contract overrides a global one for an EPG. Memory Tip: Resolution =
"Rule Decision." Picture deciding which rule wins.

139. What is a Fabric Telemetry?

Answer: Fabric Telemetry collects real-time data on traffic, faults, and performance.
Scenario: You monitor bandwidth usage via telemetry for optimization. Memory Tip:
Telemetry = "Traffic Tracker." Imagine a tracker for fabric stats.

140. What is a Contract Precedence?

Answer: Contract Precedence prioritizes Contracts when multiple apply to traffic.

Scenario: A Deny Contract takes precedence over an Allow Contract. Memory Tip:
Precedence = "Priority Order." Picture a VIP line for Contracts.

141. What is a Fabric Path Optimization?

Answer: Fabric Path Optimization selects the shortest path for traffic in the fabric.
Scenario: ACI routes traffic through the nearest Spine for low latency. Memory Tip:
Optimization = "Optimal Path." Picture the fastest route on a map.

142. What is a VMM Policy Enforcement?

Answer: VMM Policy Enforcement applies ACI policies to VMs via hypervisor integration.
Scenario: A VM’s traffic is filtered by an EPG policy in vCenter. Memory Tip: VMM
Enforcement = "VM Rule Enforcement." Picture rules for VMs.

143. What is a Fabric Security Policy?

Answer: Fabric Security Policy enforces access control and traffic rules across the fabric.
Scenario: A Security Policy blocks unauthorized access to an EPG. Memory Tip: Security
Policy = "Safety Shield." Imagine a shield for the fabric.

144. What is a Contract Consumer Label?

Answer: A Contract Consumer Label tags an EPG as a Consumer for Contract matching.
Scenario: You label an EPG as “Client” for a Contract with a server EPG. Memory Tip:
Consumer Label = "Customer Tag." Picture a tag for clients.

145. What is a Contract Provider Label?

Answer: A Contract Provider Label tags an EPG as a Provider for Contract matching.
Scenario: A server EPG is labeled “Web” for a Contract with clients. Memory Tip: Provider
Label = "Producer Tag." Picture a tag for servers.

146. What is a Fabric Health Check?

Answer: A Fabric Health Check monitors the status of switches, ports, and policies.
Scenario: You run a Health Check to find a downed Leaf port. Memory Tip: Health Check =
"Fabric Doctor." Picture a doctor checking the fabric.

147. What is a Policy Inheritance Tag?

Answer: A Policy Inheritance Tag allows policies to be inherited across objects. Scenario: A
tag ensures a child EPG inherits a parent’s Contract. Memory Tip: Inheritance Tag =
"Inherited Ticket." Picture a ticket passed down.

148. What is a Fabric Resource Allocation?

Answer: Fabric Resource Allocation manages VLANs, TEPs, and other resources. Scenario:
You allocate a VLAN pool for a new Tenant. Memory Tip: Resource Allocation = "Resource
Share." Picture sharing fabric resources.

149. What is a Contract Scope Global?

Answer: A Global Contract Scope applies a Contract across all Tenants. Scenario: A Global
Contract allows DNS access for all Tenants. Memory Tip: Global Scope = "Global Reach."
Picture a worldwide Contract.

150. What is a Fabric Path Load Balancing?

Answer: Fabric Path Load Balancing distributes traffic across multiple Spines and Leaves.
Scenario: Traffic is balanced across two Spines for efficiency. Memory Tip: Load Balancing
= "Load Spread." Picture spreading weight evenly.

151. What is a VRF Policy Control?

Answer: VRF Policy Control enforces Contracts within a VRF for traffic filtering. Scenario:
A VRF Policy Control blocks unauthorized traffic in a Tenant. Memory Tip: Policy Control =
"VRF Cop." Picture a cop patrolling a VRF.

152. What is a Fabric Access Control?

Answer: Fabric Access Control restricts endpoint access to the fabric using policies.
Scenario: An Access Control policy blocks a rogue server from connecting. Memory Tip:
Access Control = "Access Guard." Picture a guard at the fabric gate.

153. What is a Contract Filter Direction?

Answer: Filter Direction (inbound or outbound) specifies how traffic is filtered in a

Contract. Scenario: An inbound Filter allows HTTP to a server EPG. Memory Tip: Filter
Direction = "Flow Direction." Picture traffic flowing in or out.

154. What is a Fabric Path Redundancy?

Answer: Fabric Path Redundancy ensures multiple paths for traffic in case of failure.
Scenario: A failed Spine path is bypassed using a redundant path. Memory Tip: Path
Redundancy = "Path Backup." Picture a backup road.

155. What is a Policy-Based Fabric?

Answer: A Policy-Based Fabric uses APIC policies to automate network configurations.

Scenario: Policies configure EPGs and Contracts for a new app instantly. Memory Tip:
Policy-Based = "Policy Driven." Picture a car driven by policies.

156. What is a Fabric Path MTU?

Answer: Fabric Path MTU (Maximum Transmission Unit) defines the largest packet size in
the fabric. Scenario: You set a 9000-byte MTU for jumbo frames in the fabric. Memory Tip:
MTU = "Max Traffic Unit." Picture the max size of a package.

157. What is a Contract Logging?

Answer: Contract Logging records traffic allowed or denied by Contracts for auditing.
Scenario: You enable logging to track denied SSH attempts. Memory Tip: Contract Logging
= "Contract Logbook." Picture a logbook for traffic.

158. What is a Fabric Path Security?

Answer: Fabric Path Security applies encryption or policies to secure traffic paths.
Scenario: You enable encryption for sensitive traffic across the fabric. Memory Tip: Path
Security = "Path Shield." Picture a shield on the traffic path.

159. What is a VMM Domain Policy?

Answer: A VMM Domain Policy defines how VMs connect to ACI, like VLAN assignments.
Scenario: A VMM Domain Policy assigns VLAN 50 to VMs in vCenter. Memory Tip: VMM
Policy = "VM Plan." Picture a plan for VM networking.

160. What is a Fabric Path Latency?

Answer: Fabric Path Latency measures the delay in traffic across the fabric. Scenario: You
monitor latency to optimize a video streaming app. Memory Tip: Latency = "Lag Time."
Picture a delay in traffic flow.

Advanced Questions (90)

161. How does ACI handle endpoint mobility?

Answer: ACI tracks endpoint mobility using COOP and updates TEPs for seamless
connectivity. Scenario: A VM moves to a new Leaf, and ACI updates its TEP instantly.
Memory Tip: Endpoint Mobility = "Moving Endpoints." Picture endpoints dancing across
Leaves.

162. What is a Contract with Reverse Filter?

Answer: A Reverse Filter in a Contract applies the same rules for return traffic. Scenario: A
Contract allows HTTP outbound and reverse for responses. Memory Tip: Reverse Filter =
"Return Rule." Imagine a boomerang for traffic.

163. How does ACI integrate with Kubernetes?

Answer: ACI integrates with Kubernetes using a CNI plugin to map pods to EPGs. Scenario:
A Kubernetes pod is assigned to a web EPG for policy enforcement. Memory Tip:
Kubernetes Integration = "Kube Connect." Picture connecting pods to ACI.

164. What is a Fabric Path Anycast?

Answer: Fabric Path Anycast uses shared IP addresses for load balancing across switches.
Scenario: An anycast gateway balances traffic across multiple Leaves. Memory Tip:
Anycast = "Any Cast." Picture a shared address for all.

165. What is a Multi-Site Orchestrator (MSO)?

Answer: MSO manages multiple ACI fabrics across sites for unified policy control.
Scenario: MSO applies a Contract across New York and London fabrics. Memory Tip: MSO
= "Multi-Site Organizer." Picture an organizer for multiple sites.

166. How does ACI handle BGP EVPN?

Answer: ACI uses BGP EVPN to distribute endpoint information across Multi-Pod or Multi-
Site setups. Scenario: BGP EVPN shares a new server’s IP across two Pods. Memory Tip:
BGP EVPN = "Border Gateway Endpoint VPN." Picture a VPN for endpoints.

167. What is a Fabric Path ECMP?

Answer: ECMP (Equal-Cost Multi-Path) balances traffic across multiple fabric paths.
Scenario: Traffic splits across two Spines using ECMP for efficiency. Memory Tip: ECMP =
"Equal Cost Multi-Path." Picture splitting traffic evenly.

168. What is a Contract with Apply Both Directions?

Answer: Apply Both Directions makes a Contract bidirectional for symmetric traffic.
Scenario: A Contract allows HTTP in both directions between EPGs. Memory Tip: Both
Directions = "Two-Way Rule." Picture a two-way street.

169. How does ACI support SR-MPLS?

Answer: ACI integrates with SR-MPLS for seamless connectivity to MPLS networks via
L3Out. Scenario: An L3Out connects ACI to an MPLS WAN for global routing. Memory Tip:
SR-MPLS = "Segment Routing MPLS." Picture segments linking to MPLS.

170. What is a Fabric Path Congestion Control?

Answer: Congestion Control uses QoS and buffering to manage traffic overloads. Scenario:
ACI prioritizes critical traffic during a network spike. Memory Tip: Congestion Control =
"Crowd Control." Picture managing a traffic jam.

171. What is a Policy-Based Fabric Automation?

Answer: Policy-Based Fabric Automation uses APIC to dynamically configure the fabric.
Scenario: A new app’s policies are applied automatically via APIC. Memory Tip:
Automation = "Auto Magic." Picture magic configuring the fabric.

172. How does ACI handle IPv6?

Answer: ACI supports IPv6 for endpoints, routing, and Contracts natively. Scenario: You
configure an IPv6 subnet in a BD for modern servers. Memory Tip: IPv6 = "Internet
Protocol v6." Picture a new version of IP.

173. What is a Fabric Path Security Zone?

Answer: A Security Zone segments the fabric for enhanced policy enforcement. Scenario:
You create a Security Zone for sensitive servers with strict Contracts. Memory Tip: Security
Zone = "Safe Zone." Picture a secure area in the fabric.

174. What is a Contract with Stateless Filters?

Answer: Stateless Filters in a Contract don’t track connection states, simplifying rules.
Scenario: A stateless Filter allows UDP traffic without tracking. Memory Tip: Stateless =
"State-Free." Picture rules without memory.

175. How does ACI integrate with AWS?

Answer: ACI integrates with AWS via L3Out or Cisco Cloud ACI for hybrid cloud
networking. Scenario: An L3Out connects the fabric to an AWS VPC for app hosting.
Memory Tip: AWS Integration = "Cloud Connect." Picture a bridge to the cloud.

176. What is a Fabric Path Telemetry?

Answer: Fabric Path Telemetry collects detailed path performance data for optimization.
Scenario: You analyze telemetry to reduce latency in a path. Memory Tip: Path Telemetry
= "Path Pulse." Picture checking a path’s pulse.

177. What is a Multi-Pod L3Out?

Answer: A Multi-Pod L3Out provides external connectivity shared across Pods. Scenario: A
single L3Out serves two Pods for internet access. Memory Tip: Multi-Pod L3Out = "Multi-
Pod Exit." Picture a shared exit for Pods.

178. What is a Fabric Path Segmentation?

Answer: Path Segmentation isolates traffic paths for security or performance. Scenario:
You segment a path for sensitive financial data. Memory Tip: Segmentation = "Segment
Split." Picture splitting paths apart.

179. How does ACI handle VxLAN Overlay?

Answer: ACI uses VXLAN Overlay to encapsulate traffic for scalable, isolated networks.
Scenario: VXLAN Overlay connects servers across Pods like one LAN. Memory Tip: VXLAN
Overlay = "Virtual Overlay." Picture a virtual blanket over the fabric.

180. What is a Contract with Stateful Filters?

Answer: Stateful Filters track connection states for advanced traffic control. Scenario: A
stateful Filter allows TCP responses only for initiated sessions. Memory Tip: Stateful =
"State-Smart." Picture rules that remember connections.

181. What is a Fabric Path QoS Policy?

Answer: A Path QoS Policy prioritizes traffic on specific fabric paths. Scenario: You apply a
QoS Policy to prioritize VoIP on a path. Memory Tip: Path QoS = "Path Priority." Picture a
priority lane on a path.

182. How does ACI support Zero Trust?

Answer: ACI supports Zero Trust with microsegmentation and strict Contract enforcement.
Scenario: Every endpoint is verified with Contracts for secure access. Memory Tip: Zero
Trust = "Zero Belief." Picture trusting no one by default.

183. What is a Fabric Path Resiliency?

Answer: Path Resiliency ensures traffic reroutes during path failures. Scenario: A failed
Leaf path reroutes via another Leaf automatically. Memory Tip: Resiliency = "Bounce
Back." Picture a path bouncing back.

184. What is a Multi-Site Contract?

Answer: A Multi-Site Contract applies policies across multiple ACI fabrics via MSO.
Scenario: A Contract allows HTTP between EPGs in two sites. Memory Tip: Multi-Site
Contract = "Multi-Site Pact." Picture a pact across sites.

185. How does ACI handle DCI (Data Center Interconnect)?

Answer: ACI uses Multi-Pod or Multi-Site with IPN or MPLS for DCI. Scenario: Two data
centers are linked via Multi-Pod for app redundancy. Memory Tip: DCI = "Data Center
Link." Picture a bridge between data centers.

186. What is a Fabric Path Load Sharing?

Answer: Path Load Sharing distributes traffic across multiple paths for efficiency.
Scenario: Traffic splits across two Spines for balanced load. Memory Tip: Load Sharing =
"Load Split." Picture splitting a heavy load.

187. What is a Contract with Priority Tagging?

Answer: Priority Tagging in a Contract assigns QoS priorities to traffic. Scenario: A

Contract tags VoIP traffic with high priority. Memory Tip: Priority Tagging = "VIP Tag."
Picture a VIP badge for traffic.

188. How does ACI support AI/ML workloads?

Answer: ACI supports AI/ML with high bandwidth, low latency, and QoS policies. Scenario:
You prioritize GPU traffic for an AI training cluster. Memory Tip: AI/ML Support = "AI
Muscle." Picture muscle for AI workloads.

189. What is a Fabric Path Encryption?

Answer: Path Encryption secures traffic across the fabric using protocols like MACsec.
Scenario: Sensitive data is encrypted on a path between Leaves. Memory Tip: Path
Encryption = "Path Lock." Picture a lock on the path.

190. What is a Multi-Tenant Security Policy?

Answer: A Multi-Tenant Security Policy isolates Tenants with strict Contracts and VRFs.
Scenario: Each Tenant’s traffic is isolated for a cloud provider. Memory Tip: Multi-Tenant
Security = "Multi-Apartment Locks." Picture locks on each apartment.

191. How does ACI handle Overlay Multicast?

Answer: ACI uses PIM in the overlay to manage multicast traffic across VXLAN. Scenario: A
streaming app uses overlay multicast for efficient delivery. Memory Tip: Overlay Multicast
= "Overlay Multi Cast." Picture a multicast blanket.

192. What is a Fabric Path Analytics?

Answer: Path Analytics provides detailed insights into traffic patterns and performance.
Scenario: You use analytics to identify a congested path. Memory Tip: Path Analytics =
"Path Insights." Picture insights into a path’s behavior.

193. What is a Contract with Dynamic Filters?

Answer: Dynamic Filters in a Contract adjust rules based on runtime conditions. Scenario:
A Dynamic Filter allows traffic only during business hours. Memory Tip: Dynamic Filters =
"Dancing Filters." Picture filters that adapt.

194. How does ACI integrate with SD-WAN?

Answer: ACI integrates with SD-WAN via L3Out for seamless WAN connectivity. Scenario:
An L3Out connects ACI to a Cisco SD-WAN for branch access. Memory Tip: SD-WAN
Integration = "WAN Link." Picture a link to the WAN.

195. What is a Fabric Path Fault Tolerance?

Answer: Path Fault Tolerance ensures traffic continues despite path failures. Scenario: A
failed Spine path is bypassed using a redundant Spine. Memory Tip: Fault Tolerance =
"Fail-Safe Path." Picture a safe backup path.

196. What is a Multi-Site VRF?

Answer: A Multi-Site VRF extends a VRF across multiple ACI fabrics for unified routing.
Scenario: A VRF spans two sites for consistent app routing. Memory Tip: Multi-Site VRF =
"Multi-Site Route." Picture a route across sites.

197. How does ACI handle Network Slicing?

Answer: ACI uses Tenants, VRFs, and EPGs to create isolated network slices. Scenario: A
5G app gets a dedicated slice with strict QoS. Memory Tip: Network Slicing = "Network
Slices." Picture slicing a pizza for apps.

198. What is a Fabric Path Monitoring?

Answer: Path Monitoring tracks the health and performance of fabric paths. Scenario: You
monitor a path for packet loss during peak traffic. Memory Tip: Path Monitoring = "Path
Watch." Picture watching a path’s health.

199. What is a Contract with Policy Inheritance?

Answer: Policy Inheritance in a Contract allows rules to be inherited from parent
Contracts. Scenario: A child Contract inherits HTTP rules from a parent. Memory Tip:
Policy Inheritance = "Policy Hand-Down." Picture handing down rules.

200. How does ACI support Intent-Based Networking?

Answer: ACI uses policies to translate business intent into network configurations.
Scenario: You define an intent to isolate an app, and ACI creates EPGs and Contracts.
Memory Tip: Intent-Based = "Intent Magic." Picture magic fulfilling your intent.

201. What is a Fabric Path Virtualization?

Answer: Path Virtualization creates logical paths over physical fabric for isolation.
Scenario: A virtual path isolates app traffic across the fabric. Memory Tip: Path
Virtualization = "Virtual Path." Picture a virtual road.

202. What is a Multi-Pod Transit Routing?

Answer: Multi-Pod Transit Routing routes traffic between Pods via an IPN. Scenario:
Traffic from Pod 1 to Pod 2 uses a transit route. Memory Tip: Transit Routing = "Pod
Travel." Picture traveling between Pods.

203. How does ACI handle Telemetry Streaming?

Answer: ACI streams telemetry data to external tools for real-time analysis. Scenario: You
stream bandwidth data to a monitoring platform. Memory Tip: Telemetry Streaming =
"Data Stream." Picture a stream of data.

204. What is a Contract with Multi-Protocol Filters?

Answer: Multi-Protocol Filters in a Contract support multiple protocols (e.g., TCP, UDP).
Scenario: A Contract allows both HTTP and DNS traffic. Memory Tip: Multi-Protocol =
"Multi-Rule." Picture rules for multiple protocols.

205. What is a Fabric Path Resilient Hashing?

Answer: Resilient Hashing ensures traffic stays balanced during path failures. Scenario: A
failed Leaf path doesn’t disrupt load balancing. Memory Tip: Resilient Hashing = "Resilient
Balance." Picture balancing despite failures.

206. How does ACI integrate with OpenStack?

Answer: ACI integrates with OpenStack using a plugin to map instances to EPGs. Scenario:
An OpenStack VM is assigned to a web EPG for policies. Memory Tip: OpenStack
Integration = "Open Link." Picture a link to OpenStack.

207. What is a Multi-Site Endpoint Learning?

Answer: Multi-Site Endpoint Learning shares endpoint info across fabrics via MSO.
Scenario: A VM’s IP is learned across two sites for connectivity. Memory Tip: Endpoint
Learning = "Site Shared Lessons." Picture sharing endpoint knowledge.

208. What is a Fabric Path Anomaly Detection?

Answer: Path Anomaly Detection identifies unusual traffic patterns for security. Scenario:
ACI detects a sudden traffic spike on a path. Memory Tip: Anomaly Detection = "Oddity
Alert." Picture an alert for weird traffic.

209. What is a Contract with QoS Marking?

Answer: QoS Marking in a Contract tags traffic for priority handling. Scenario: A Contract
marks VoIP traffic for high priority. Memory Tip: QoS Marking = "Priority Stamp." Picture
stamping traffic with priority.

210. How does ACI handle Network Automation?

Answer: ACI uses APIC APIs and policies for programmable network automation.
Scenario: You automate EPG creation using a Python script via APIC API. Memory Tip:
Automation = "Auto Script." Picture scripts running the fabric.

211. What is a Fabric Path Microburst Handling?

Answer: Microburst Handling manages sudden traffic spikes using buffering and QoS.
Scenario: A microburst from a backup job is buffered to avoid drops. Memory Tip:
Microburst = "Mini Burst." Picture handling a tiny traffic explosion.

212. What is a Multi-Tenant Policy Enforcement?

Answer: Multi-Tenant Policy Enforcement applies strict policies across Tenants for
isolation. Scenario: Each Tenant’s EPGs are isolated with Contracts. Memory Tip: Policy
Enforcement = "Tenant Cop." Picture a cop for each Tenant.

213. How does ACI support 5G Networking?

Answer: ACI supports 5G with low-latency paths and network slicing for mobile apps.
Scenario: A 5G core app uses a dedicated slice in ACI. Memory Tip: 5G Support = "5G
Speed." Picture a fast lane for 5G.

214. What is a Fabric Path Traffic Engineering?

Answer: Traffic Engineering optimizes fabric paths for performance and efficiency.
Scenario: You engineer a path to reduce latency for a critical app. Memory Tip: Traffic
Engineering = "Traffic Design." Picture designing traffic flow.

215. What is a Contract with Dynamic Policy Updates?

Answer: Dynamic Policy Updates adjust Contract rules based on external triggers.
Scenario: A Contract updates rules based on a security alert. Memory Tip: Dynamic
Updates = "Live Rules." Picture rules updating live.

216. How does ACI integrate with Azure?

Answer: ACI integrates with Azure via L3Out or Cisco Cloud ACI for hybrid networking.
Scenario: An L3Out connects ACI to an Azure VNet for app hosting. Memory Tip: Azure
Integration = "Azure Bridge." Picture a bridge to Azure.

217. What is a Fabric Path Load Optimization?

Answer: Load Optimization balances traffic across paths to avoid congestion. Scenario: ACI
optimizes paths to prevent a Spine overload. Memory Tip: Load Optimization = "Load
Balance." Picture balancing a load.

218. What is a Multi-Site Security Policy?

Answer: A Multi-Site Security Policy enforces consistent security across fabrics. Scenario:
A security policy blocks SSH across two sites. Memory Tip: Multi-Site Security = "Site
Shared Shield." Picture a shared shield.

219. How does ACI handle Network Segmentation?

Answer: ACI uses Tenants, VRFs, and EPGs for logical network segmentation. Scenario: A
financial app is segmented in a dedicated Tenant. Memory Tip: Segmentation = "Network
Split." Picture splitting the network.

220. What is a Fabric Path Predictive Analytics?

Answer: Predictive Analytics forecasts traffic patterns for proactive optimization.

Scenario: ACI predicts a traffic spike and adjusts paths. Memory Tip: Predictive Analytics
= "Future Sight." Picture seeing the future of traffic.

221. What is a Contract with Context-Aware Filters?

Answer: Context-Aware Filters adjust rules based on network conditions or time.

Scenario: A Filter allows traffic only during maintenance windows. Memory Tip: Context-
Aware = "Smart Filters." Picture filters that think.

222. How does ACI support IoT Networking?

Answer: ACI supports IoT with microsegmentation and scalable EPGs for devices.
Scenario: IoT sensors are isolated in an EPG with strict Contracts. Memory Tip: IoT
Support = "IoT Isolation." Picture isolating IoT devices.

223. What is a Fabric Path High Availability?

Answer: Path High Availability ensures uninterrupted traffic during failures. Scenario: A
failed Leaf path reroutes via a redundant Leaf. Memory Tip: High Availability = "Always
On." Picture a path that’s always up.

224. What is a Multi-Pod Policy Enforcement?

Answer: Multi-Pod Policy Enforcement applies consistent policies across Pods. Scenario: A
Contract is enforced across two Pods for app access. Memory Tip: Policy Enforcement =
"Pod Cop." Picture a cop for Pods.

225. How does ACI handle Network Orchestration?

Answer: ACI uses APIC and MSO for centralized policy orchestration. Scenario: MSO
orchestrates policies across two ACI fabrics. Memory Tip: Orchestration = "Network
Symphony." Picture conducting a network.

226. What is a Fabric Path Adaptive QoS?

Answer: Adaptive QoS dynamically adjusts priorities based on traffic conditions. Scenario:
ACI prioritizes VoIP during a traffic spike. Memory Tip: Adaptive QoS = "Smart Priority."
Picture smart traffic priorities.

227. What is a Contract with Role-Based Filters?

Answer: Role-Based Filters apply rules based on endpoint roles or tags. Scenario: A Filter
allows traffic only from “Admin” tagged endpoints. Memory Tip: Role-Based = "Role Rules."
Picture rules for specific roles.

228. How does ACI support Edge Computing?

Answer: ACI supports edge computing with low-latency paths and microsegmentation.
Scenario: An edge app uses a dedicated EPG for fast processing. Memory Tip: Edge
Computing = "Edge Speed." Picture speed at the network edge.

229. What is a Fabric Path Traffic Shaping?

Answer: Traffic Shaping controls traffic rates to prevent congestion. Scenario: ACI shapes
backup traffic to avoid impacting apps. Memory Tip: Traffic Shaping = "Traffic Sculpt."
Picture sculpting traffic flow.

230. What is a Multi-Site Endpoint Mobility?

Answer: Multi-Site Endpoint Mobility tracks endpoints across fabrics for seamless
connectivity. Scenario: A VM moves between sites, and ACI updates its location. Memory
Tip: Endpoint Mobility = "Site Roaming." Picture endpoints roaming sites.

231. How does ACI handle Network Assurance?

Answer: ACI uses tools like Network Assurance Engine to verify policy compliance.
Scenario: You run an assurance check to ensure Contract compliance. Memory Tip:
Assurance = "Network Checkup." Picture a network health check.

232. What is a Fabric Path Dynamic Routing?

Answer: Dynamic Routing uses protocols like BGP for adaptive path selection. Scenario:
ACI dynamically routes traffic via BGP for efficiency. Memory Tip: Dynamic Routing =
"Smart Paths." Picture paths that adapt.

233. What is a Contract with Time-Based Filters?

Answer: Time-Based Filters apply rules only during specific time windows. Scenario: A
Filter allows backup traffic only at night. Memory Tip: Time-Based = "Timed Rules."
Picture a clock controlling rules.

234. How does ACI support Hybrid Cloud?

Answer: ACI supports hybrid cloud with L3Out and Cisco Cloud ACI for cloud integration.
Scenario: ACI connects to AWS and Azure for hybrid apps. Memory Tip: Hybrid Cloud =
"Cloud Mix." Picture mixing on-prem and cloud.

235. What is a Fabric Path Congestion Avoidance?

Answer: Congestion Avoidance uses algorithms to prevent traffic overloads. Scenario: ACI
reroutes traffic to avoid a congested Spine. Memory Tip: Congestion Avoidance = "Crowd
Dodge." Picture dodging a crowd.

236. What is a Multi-Tenant Endpoint Learning?

Answer: Multi-Tenant Endpoint Learning shares endpoint info across Tenants securely.
Scenario: A shared service Tenant learns endpoints from others. Memory Tip: Endpoint
Learning = "Tenant Lessons." Picture Tenants sharing knowledge.

237. How does ACI handle Network Programmability?

Answer: ACI uses REST APIs and Python SDK for programmable configurations. Scenario:
You automate Tenant creation with a Python script. Memory Tip: Programmability =
"Program Power." Picture programming the network.

238. What is a Fabric Path Traffic Prioritization?

Answer: Traffic Prioritization assigns higher priority to critical traffic paths. Scenario: ACI
prioritizes database traffic over backups. Memory Tip: Prioritization = "VIP Path." Picture a
VIP lane for traffic.

239. What is a Contract with Geo-Based Filters?

Answer: Geo-Based Filters apply rules based on endpoint locations. Scenario: A Filter
allows traffic only from a specific data center. Memory Tip: Geo-Based = "Geo Rules."
Picture rules tied to locations.

240. How does ACI support Network Virtualization?

Answer: ACI uses VXLAN and Tenants for virtualized, isolated networks. Scenario: A
Tenant creates a virtual network for a new app. Memory Tip: Virtualization = "Virtual Net."
Picture a virtual network world.

241. What is a Fabric Path Redundant Routing?

Answer: Redundant Routing provides backup paths for uninterrupted traffic. Scenario: A
failed path is bypassed using a redundant route. Memory Tip: Redundant Routing =
"Backup Route." Picture a spare route.

242. What is a Multi-Site Policy Orchestration?

Answer: Multi-Site Policy Orchestration manages policies across fabrics via MSO. Scenario:
MSO applies a QoS policy across three sites. Memory Tip: Orchestration = "Site Symphony."
Picture conducting sites.

243. How does ACI handle Network Scalability?

Answer: ACI scales with Multi-Pod, Multi-Site, and high-capacity Nexus switches. Scenario:
A fabric scales to support 50,000 endpoints across Pods. Memory Tip: Scalability = "Scale
Up." Picture growing the network.

244. What is a Fabric Path Traffic Analytics?

Answer: Traffic Analytics provides insights into path usage and performance. Scenario:
You analyze path analytics to optimize app performance. Memory Tip: Traffic Analytics =
"Traffic Insights." Picture insights into traffic.

245. What is a Contract with Adaptive Filters?

Answer: Adaptive Filters adjust rules based on traffic patterns or threats. Scenario: A
Filter tightens rules during a DDoS attack. Memory Tip: Adaptive Filters = "Smart Rules."
Picture rules that learn.

246. How does ACI support Network Security?

Answer: ACI uses microsegmentation, Contracts, and encryption for robust security.
Scenario: A Contract blocks unauthorized access to a sensitive EPG. Memory Tip: Security
= "Network Shield." Picture a shield for the network.

247. What is a Fabric Path Fault Recovery?

Answer: Fault Recovery restores traffic paths after failures using redundancy. Scenario: A
failed Leaf path recovers via a redundant Leaf. Memory Tip: Fault Recovery = "Path Heal."
Picture healing a broken path.

248. What is a Multi-Tenant Traffic Isolation?

Answer: Multi-Tenant Traffic Isolation uses VRFs and Contracts to separate Tenant traffic.
Scenario: Each Tenant’s traffic is isolated for a cloud provider. Memory Tip: Traffic
Isolation = "Tenant Walls." Picture walls between Tenants.