AAEP
Location in GUI: Fabric
» Access Policies
» Policies
» Global
» Attachable Access Entity Profiles
If infra_vlan
is enabled, the infrastructure VLAN ID must be configured under access_policies
.
apic: access_policies: infra_vlan: 10
Diagram
Section titled “Diagram”Classes
Section titled “Classes”access_policies (apic)
Section titled “access_policies (apic)”Name | Type | Constraint | Mandatory | Default Value |
---|---|---|---|---|
aaeps | List | [aaeps] | No |
aaeps (apic.access_policies)
Section titled “aaeps (apic.access_policies)”Name | Type | Constraint | Mandatory | Default Value |
---|---|---|---|---|
name | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | Yes | |
description | String | Regex: ^[a-zA-Z0-9\\!#$%()*,-./:;@ _{|}~?&+]{1,128}$ | No | |
infra_vlan | Boolean | true , false | No | false |
physical_domains | List | String[Regex: ^[a-zA-Z0-9_.:-]{1,64}$ ] | No | |
routed_domains | List | String[Regex: ^[a-zA-Z0-9_.:-]{1,64}$ ] | No | |
vmware_vmm_domains | List | String[Regex: ^[a-zA-Z0-9_.:-]{1,64}$ ] | No | |
endpoint_groups | List | [endpoint_groups] | No |
endpoint_groups (apic.access_policies.aaeps)
Section titled “endpoint_groups (apic.access_policies.aaeps)”Name | Type | Constraint | Mandatory | Default Value |
---|---|---|---|---|
tenant | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | Yes | |
application_profile | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | Yes | |
endpoint_group | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | Yes | |
vlan | Integer | min: 1 , max: 4096 | No | |
primary_vlan | Integer | min: 1 , max: 4096 | No | |
secondary_vlan | Integer | min: 1 , max: 4096 | No | |
mode | Choice | regular , native , untagged | No | regular |
deployment_immediacy | Choice | immediate , lazy | No | lazy |
Examples
Section titled “Examples”Example-1: This example configures a basic AAEP1
which is associated to a physical domain named PHY1
.
apic: access_policies: aaeps: - name: AAEP1 physical_domains: - PHY1
Example-2: This example configures an AAEP AAEP1
which is associated to multiple domains of multiple types: PHY1
physical domain, ROUTED1
routed domain, and VMM1
VMware VMM domain.
apic: access_policies: aaeps: - name: AAEP1 infra_vlan: true physical_domains: - PHY1 routed_domains: - ROUTED1 vmware_vmm_domains: - VMM1
Examlpe-3: this examlpe configures an AAEP SCVMM
with the infra_vlan parameter enabled, which enables the extension of the ACI infra VLAN into external domains such as Microsoft SCVMM or other OpFlex-capable solutions. This is required in such integrations to enable the extension of the ACI infra into a non-ACI infra. The relevant domains must be associated to the AAEP to enable the integration, in this case SCVMM
physical domain. It is recommended use a dedicated AAEP for such integrations, hence the PHY1
physical domain being associated to another AAEP with the infra_vlan parameter left unspecified, since its default is false
.
apic: access_policies: infra_vlan: 10 aaeps: - name: AAEP1 physical_domains: - PHY1 - name: SCVMM infra_vlan: true physical_domains: - SCVMM
Example-4: this is a full example demonstrating AAEP1
being associated with PHY1
physical domain, ROUTED1
routed domain, and VMM1
VMware VMM domain. It also utilizes the AAEP-to-EPG association feature to bulk-configure inerfaces with a given VLAN. In this case, it shows the EPG1
EPG under the AP1
app profile under the ABC
tenant, using VLAN 1234
in untagged
(access) mode.
apic: access_policies: infra_vlan: 10 aaeps: - name: AAEP1 infra_vlan: true physical_domains: - PHY1 routed_domains: - ROUTED1 vmware_vmm_domains: - VMM1 endpoint_groups: - tenant: ABC application_profile: AP1 endpoint_group: EPG1 vlan: 1234 mode: untagged deployment_immediacy: immediate