diff --git a/provision/acc_provision/acc_provision.py b/provision/acc_provision/acc_provision.py
index 0f5020c5b..3d0fb5461 100755
--- a/provision/acc_provision/acc_provision.py
+++ b/provision/acc_provision/acc_provision.py
@@ -173,7 +173,9 @@ def config_default():
         },
         "net_config": {
             "node_subnet": None,
+            "node_subnet_scope": ['public'],
             "pod_subnet": None,
+            "pod_subnet_scope": ['private'],
             "pod_subnet_chunk_size": 32,
             "extern_dynamic": None,
             "extern_static": None,
diff --git a/provision/acc_provision/apic_provision.py b/provision/acc_provision/apic_provision.py
index 58f4f883e..572c9c48f 100644
--- a/provision/acc_provision/apic_provision.py
+++ b/provision/acc_provision/apic_provision.py
@@ -2733,7 +2733,9 @@ def kube_tn(self, flavor):
         kube_vrf = self.config["aci_config"]["vrf"]["name"]
         kube_l3out = self.config["aci_config"]["l3out"]["name"]
         node_subnet = self.config["net_config"]["node_subnet"]
+        node_subnet_scope = ",".join([str(x) for x in self.config["net_config"]["node_subnet_scope"]])
         pod_subnet = self.config["net_config"]["pod_subnet"]
+        pod_subnet_scope = ",".join([str(x) for x in self.config["net_config"]["pod_subnet_scope"]]) 
         kade = self.config["kube_config"].get("allow_kube_api_default_epg") or \
             self.config["kube_config"].get("allow_pods_kube_api_access")
         eade = self.config["kube_config"].get("allow_pods_external_access")
@@ -2919,13 +2921,17 @@ def kube_tn(self, flavor):
             [
                 (
                     "attributes",
-                    collections.OrderedDict([("ip", node_subnet), ("scope", "public")]),
+                    collections.OrderedDict([("ip", node_subnet), ("scope", node_subnet_scope)]),
                 )
             ]
         )
 
         pod_subnet_obj = collections.OrderedDict(
-            [("attributes", collections.OrderedDict([("ip", pod_subnet)]))]
+            [
+                (
+                    "attributes", collections.OrderedDict([("ip", pod_subnet), ("scope", pod_subnet_scope)]),
+                )
+            ]
         )
         if eade is True:
             pod_subnet_obj["attributes"]["scope"] = "public"
diff --git a/provision/acc_provision/templates/provision-config.yaml b/provision/acc_provision/templates/provision-config.yaml
index c8c628ed1..dff2c3f26 100644
--- a/provision/acc_provision/templates/provision-config.yaml
+++ b/provision/acc_provision/templates/provision-config.yaml
@@ -47,7 +47,12 @@ aci_config:
 #
 net_config:
   node_subnet: 10.1.0.1/16      # Subnet to use for nodes
+  node_subnet_scope:            # Valid option are private, shared and public. Public and Private can't be configured at the same time. 
+    - public                    # Default is public
+    - shared  
   pod_subnet: 10.2.0.1/16       # Subnet to use for Kubernetes
+  pod_subnet_scope:             # Valid option are private, shared and public. Public and Private can't be configured at the same time. 
+    - private                   # Default is private
                                 #   Pods/CloudFoundry containers
   #vip_subnet: 10.3.0.1/16      # Subnet to use for virtual IPs
                                 #   (CloudFoundry only)
@@ -76,8 +81,8 @@ registry:
   # ovs_memory_limit: "20Gi"            # override if needed, default is "1Gi"
   # reboot_opflex_with_ovs: "false"     # override if needed, default is "true"
 
-#istio_config:
-  # install_istio: False         # default is True
+istio_config:
+  install_istio: True         # default is True
   # install_profile: "default"   # override if needed, default is "demo"
 
 #drop_log_config: