I am trying to lock down east/west traffic in l2 only fabric, using a combination of EPG isolation and Useg.
My question is -
Does ACI support Useg on Bare Metal ports? All of the Cisco doc seems to only cover VM scenarios, and when I try to implement this in my lab (setting Useg under my primary EPG), I seem to have to map Useg to a VMM domain (which i am not using, because my environment is ALL Bare Metal).
Hello again, seems that u're struggling with this :)
I believe that u're running 1.2/3 version so are in same situation as me, for bare metal domains you need to set the EPG to isolated, uSeg as you mention is strong related to VMM but is not exclusive, see here an output of: http://d2zmdbbm9feqrf.cloudfront.net/2016/usa/pdf/BRKACI-2320.pdf Cisco Live 2016:
You u Will be able to use uSeg on EPG using IP/MAC as attribute.
Here are some commonly asked questions and answers to help with your adoption of Cisco ACI solution. Subscribe to this post to stay up-to-date with the latest Q&A and recommended Ask the Experts (ATXs) sessions to attend.