AAEP
Location in GUI: Fabric » Access Policies » Policies » Global » Attachable Access Entity Profiles
If infra_vlan is enabled, the infrastructure VLAN ID must be configured under access_policies.
apic: access_policies: infra_vlan: 10Diagram
Section titled “Diagram”
Classes
Section titled “Classes”access_policies (apic)
Section titled “access_policies (apic)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| aaeps | List | [aaeps] | No |
aaeps (apic.access_policies)
Section titled “aaeps (apic.access_policies)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| name | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | Yes | |
| description | String | Regex: ^[a-zA-Z0-9\\!#$%()*,-./:;@ _{|}~?&+]{1,128}$ | No | |
| infra_vlan | Boolean | true, false | No | false |
| physical_domains | List | String[Regex: ^[a-zA-Z0-9_.:-]{1,64}$] | No | |
| routed_domains | List | String[Regex: ^[a-zA-Z0-9_.:-]{1,64}$] | No | |
| vmware_vmm_domains | List | String[Regex: ^[a-zA-Z0-9_.:-]{1,64}$] | No | |
| endpoint_groups | List | [endpoint_groups] | No |
endpoint_groups (apic.access_policies.aaeps)
Section titled “endpoint_groups (apic.access_policies.aaeps)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| tenant | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | Yes | |
| application_profile | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | Yes | |
| endpoint_group | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | Yes | |
| vlan | Integer | min: 1, max: 4096 | No | |
| primary_vlan | Integer | min: 1, max: 4096 | No | |
| secondary_vlan | Integer | min: 1, max: 4096 | No | |
| mode | Choice | regular, native, untagged | No | regular |
| deployment_immediacy | Choice | immediate, lazy | No | lazy |
Examples
Section titled “Examples”Example-1: This example configures a basic AAEP1 which is associated to a physical domain named PHY1.
apic: access_policies: aaeps: - name: AAEP1 physical_domains: - PHY1Example-2: This example configures an AAEP AAEP1 which is associated to multiple domains of multiple types: PHY1 physical domain, ROUTED1 routed domain, and VMM1 VMware VMM domain.
apic: access_policies: aaeps: - name: AAEP1 infra_vlan: true physical_domains: - PHY1 routed_domains: - ROUTED1 vmware_vmm_domains: - VMM1Examlpe-3: this examlpe configures an AAEP SCVMM with the infra_vlan parameter enabled, which enables the extension of the ACI infra VLAN into external domains such as Microsoft SCVMM or other OpFlex-capable solutions. This is required in such integrations to enable the extension of the ACI infra into a non-ACI infra. The relevant domains must be associated to the AAEP to enable the integration, in this case SCVMM physical domain. It is recommended use a dedicated AAEP for such integrations, hence the PHY1 physical domain being associated to another AAEP with the infra_vlan parameter left unspecified, since its default is false.
apic: access_policies: infra_vlan: 10 aaeps: - name: AAEP1 physical_domains: - PHY1 - name: SCVMM infra_vlan: true physical_domains: - SCVMMExample-4: this is a full example demonstrating AAEP1 being associated with PHY1 physical domain, ROUTED1 routed domain, and VMM1 VMware VMM domain. It also utilizes the AAEP-to-EPG association feature to bulk-configure inerfaces with a given VLAN. In this case, it shows the EPG1 EPG under the AP1 app profile under the ABC tenant, using VLAN 1234 in untagged (access) mode.
apic: access_policies: infra_vlan: 10 aaeps: - name: AAEP1 infra_vlan: true physical_domains: - PHY1 routed_domains: - ROUTED1 vmware_vmm_domains: - VMM1 endpoint_groups: - tenant: ABC application_profile: AP1 endpoint_group: EPG1 vlan: 1234 mode: untagged deployment_immediacy: immediate