10-04-2021 01:25 AM
Hi,
In APIC -> Access Policies, there are two things that I don't see the difference between (Physical domains and External bridge domains).
What is the purpose and difference of each one, and what is the equivalent configuration in IOS for them?
10-04-2021 04:47 AM
Domains are a necessary link in the ACI policy structure that provide RBAC between Access Policies (mainly VLANs) and Logical Policies (Tenant). Physical Domains are used for "EPG static port paths", and External Bridge Domains are used for "External Bridged Networks". In my opinion there's little need to use External Bridged Networks and you should focus on Physical Domains & Static paths when connecting baremetal workloads to ACI.
Robert
10-06-2021 07:43 AM
An External Bridged Domain in ACI is used to create an L2out. L2outs are rarely used. You would use an L2out when you have a network which is routed outside of the fabric, but L2 attached within the fabric, and you want to apply contracts on them.
Usually you can't apply contracts on L2 only bridge domains, but with L2outs that is possible. I have never seen this implemented anywhere, but there must be some ACI deployments out there using this as it wouldn't be in ACI otherwise.