How to do it...

1. From the TenantA Security Policies menu, select the Filters option. Click on Actions, and then click on Create Filter.

1. Give the filter a name and (if you want to) description, and then click on the plus sign. The entries in the filter must have a name, but after that, you can be as permissive or restrictive as you need. Here, we have created a filter called https, which sets a filter on the layer 3 EtherType of IP, the layer 4 IP protocol of tcp, and the layer 7 protocol of https (as the destination port range). This follows the same steps as the previous recipe.

1. We can now click on SUBMIT, and we can see the filter listed under the tenant’s filters:

1. To attach this filter to the contract, we need to select the contract we created earlier. Then, under the Filters window, click on the plus sign.

1. In the window that pops up, we can select the new filter from the drop-down menu, we can choose to log the activity, and click on SUBMIT:

1. Finally, we see our filter sitting alongside the default filter from the previous recipe.

Configuring contracts between different tenants is the harder of the options. By contrast, configuring contracts between EPGs in the same tenant takes much fewer steps, as do management contracts. We will look at these next. This will also help show how contracts work so much more nicely than access lists as you scale the number of APs, EPGs, and tenants.