Hi @Nitesh_A ,

You don't DEFINE EPGs under the AAEP. EPGs are defined in the Tenant space.

However, if you have some EPGs defined in some Tenants, the AAEP provides you with an option to by-pass the normal practice of mapping those EPGs to physical ports within the EPG by mapping the EPG to the AAEP.

The normal mapping of EPGs to Physical ports (Tenant > Application Profiles > Your_AP > Application EPGs > Your_EPG > Static Ports) is often referred to as Mapping Down

The process of mapping EPGs to the AAEP (Fabric > Access Policies > Policies > Global > Attachable Access Entity Profiles > Your_AAEP >| Application EPGs [+ Add EPG]) is often referred to as Mapping Up

The BIG advantage of Mapping Up is that EVERY physical port (both current and future) that is linked back to this AAEP will accept traffic for the defined EPG/VLAN combination avoiding the necessity of individually mapping the ports within the EPG. including adding extra mappings should a new port be added to the system carrying that VLAN.

There are several disadvantages of Mapping Up. Here are a couple:

1. Troubleshooting/tracing a particular VLAN gets much harder - particularly if there are multiple ports mapped back to the same AAEP but only SOME of them carry the VLAN you are trying to trace.
2. Ports that are mapped up do NOT show in the list of ports underTenant > Application Profiles > Your_AP > Application EPGs > Your_EPG > EPG Members

So, if I was configuring a system I had to maintain in the future, I'd use Mapping Down all the time. If I was under pressure to get a job done quickly, I'd use Mapping Up, with the good intention of coming back later and adding in the Mapping Down configs. BTW - you can do BOTH mapping up AND Mapping down without error. This solves problem 2 I mentioned above, but not problem 1.