300-620 Exam Dumps : Implementing Cisco Application Centric Infrastructure (300-620 DCACI)

 To allow multiple external networks to communicate with internal ACI subnets and assign the prefix to the class ID of the external Endpoint Group, the engineer should configure subnets with the External Subnets for External EPG flag enabled1. This configuration allows the specified subnets to be associated with an external EPG, which facilitates communication between internal tenants and external routed networks via L3Outs1.

To securely back up the current Cisco ACI configuration to a remote location with encryption and authentication, and ensure that sensitive information is not exported, the following steps should be taken:

Create a Remote Location: Define a remote location where the backup will be stored. This involves specifying the hostname or IP address of the remote server and selecting the protocol (SCP/FTP/SFTP) to be used1.

Create a Configuration Export Policy: Set up an export policy that defines the format (XML/JSON) and the destination for the backup. This policy will also include the schedule for the backup to run once per day1.

Configure Global AES Encryption: To ensure that the backup is encrypted, configure the Global AES Encryption setting. This will allow for hashed secure properties, such as passwords and certificates, to be exported in an encrypted form. It’s important to configure a passphrase that is at least 16 characters long for the encryption1.

Schedule the Backup Job: Use the scheduler to set up the backup job to run once per day. This ensures that the backup process is automated and adheres to the customer’s security policy1.

Exclude Sensitive Information: To comply with the security policy that mandates sensitive information not be exported, ensure that the configuration export policy is set to exclude secure fields unless encryption is enabled1.

References :=

Cisco Guide on Creating a Backup for Your APIC Cluster1

Cisco Community Discussion on Backing Up ACI Configuration2

When configuring Cisco ACI VMM domain integration with VMware vCenter, the object that is created in vCenter is a VMware vSphere Distributed Switch (VDS)12. The VDS is a virtual switch that extends across all esxi hosts in the cluster and provides a centralized interface from which network configurations can be managed12. This switch allows network administrators to manage networking for multiple hosts and virtual machines from a single interface within vCenter12.