Symptom
* The leaf switch classifies traffic coming from the GOLF L3Out EPG with the VRF pctag instead of the L3Out EPG pctag (specific subnets are defined on the L3Out)
* There is no zoning-rule between the application EPG pctag and the VRF pctag, so the packets are dropped by the contract
Conditions
* Leaf Switch Model: N9K-C93108TC-FX
* A specific subnet is configured on the GOLF L3Out EPG (i.e. not quad-zero)
* Zoning-rules will be created between application EPG and GOLF L3Out EPG
Workaround
* Configure 0.0.0.0/0 on the GOLF L3Out EPG as the External Subnet for External EPG
* Quad-zero subnet configuration will create zoning rules:
  * application EPG pctag > 15
  * VRF pctag > application EPG pctag
* As a result, traffic mistakenly classified with the VRF pctag will be allowed
Further Problem Description