Skip to content

AAEP

Location in GUI: Fabric » Access Policies » Policies » Global » Attachable Access Entity Profiles

If infra_vlan is enabled, the infrastructure VLAN ID must be configured under access_policies.

apic:
access_policies:
infra_vlan: 10
Diagram
NameTypeConstraintMandatoryDefault Value
aaepsList[aaeps]No

NameTypeConstraintMandatoryDefault Value
nameStringRegex: ^[a-zA-Z0-9_.:-]{1,64}$Yes
descriptionStringRegex: ^[a-zA-Z0-9\\!#$%()*,-./:;@ _{|}~?&+]{1,128}$No
infra_vlanBooleantrue, falseNofalse
physical_domainsListString[Regex: ^[a-zA-Z0-9_.:-]{1,64}$]No
routed_domainsListString[Regex: ^[a-zA-Z0-9_.:-]{1,64}$]No
vmware_vmm_domainsListString[Regex: ^[a-zA-Z0-9_.:-]{1,64}$]No
endpoint_groupsList[endpoint_groups]No

endpoint_groups (apic.access_policies.aaeps)

Section titled “endpoint_groups (apic.access_policies.aaeps)”
NameTypeConstraintMandatoryDefault Value
tenantStringRegex: ^[a-zA-Z0-9_.:-]{1,64}$Yes
application_profileStringRegex: ^[a-zA-Z0-9_.:-]{1,64}$Yes
endpoint_groupStringRegex: ^[a-zA-Z0-9_.:-]{1,64}$Yes
vlanIntegermin: 1, max: 4096No
primary_vlanIntegermin: 1, max: 4096No
secondary_vlanIntegermin: 1, max: 4096No
modeChoiceregular, native, untaggedNoregular
deployment_immediacyChoiceimmediate, lazyNolazy

Example-1: This example configures a basic AAEP1 which is associated to a physical domain named PHY1.

apic:
access_policies:
aaeps:
- name: AAEP1
physical_domains:
- PHY1

Example-2: This example configures an AAEP AAEP1 which is associated to multiple domains of multiple types: PHY1 physical domain, ROUTED1 routed domain, and VMM1 VMware VMM domain.

apic:
access_policies:
aaeps:
- name: AAEP1
infra_vlan: true
physical_domains:
- PHY1
routed_domains:
- ROUTED1
vmware_vmm_domains:
- VMM1

Examlpe-3: this examlpe configures an AAEP SCVMM with the infra_vlan parameter enabled, which enables the extension of the ACI infra VLAN into external domains such as Microsoft SCVMM or other OpFlex-capable solutions. This is required in such integrations to enable the extension of the ACI infra into a non-ACI infra. The relevant domains must be associated to the AAEP to enable the integration, in this case SCVMM physical domain. It is recommended use a dedicated AAEP for such integrations, hence the PHY1 physical domain being associated to another AAEP with the infra_vlan parameter left unspecified, since its default is false.

apic:
access_policies:
infra_vlan: 10
aaeps:
- name: AAEP1
physical_domains:
- PHY1
- name: SCVMM
infra_vlan: true
physical_domains:
- SCVMM

Example-4: this is a full example demonstrating AAEP1 being associated with PHY1 physical domain, ROUTED1 routed domain, and VMM1 VMware VMM domain. It also utilizes the AAEP-to-EPG association feature to bulk-configure inerfaces with a given VLAN. In this case, it shows the EPG1 EPG under the AP1 app profile under the ABC tenant, using VLAN 1234 in untagged (access) mode.

apic:
access_policies:
infra_vlan: 10
aaeps:
- name: AAEP1
infra_vlan: true
physical_domains:
- PHY1
routed_domains:
- ROUTED1
vmware_vmm_domains:
- VMM1
endpoint_groups:
- tenant: ABC
application_profile: AP1
endpoint_group: EPG1
vlan: 1234
mode: untagged
deployment_immediacy: immediate