Hi board,
I'm pretty new to ACI and I'm struggling with a very basic problem: How to properly configure an leaf access port?
From my point of view there are too many ways to do it and I'm interested what's the right way to go.
Let's assume the following:
- 2 Application EPGs: EPG-A (enc-VLAN 11) and EPG-B (enc-VLAN 12)
- Access port types:
-- Bare metal servers: Untagged traffic
-- Non-VMM (vSwitch) hypervisors with tagged traffic
When I'm following some very good documents like the link below, the strategy for the vSwitch integration is:
https://rednectar.net/2015/12/28/cisco-aci-tutorial-4-all-about-access-policies-the-new-interface-range-command/
vSwitch (vPC):
Create a generic AEP with a physical VLAN pool and the following mapping:
EPG-A: encap-vlan11 (trunk)
EPG-B: encap-vlan12 (trunk)
Create a leaf access policy group, attach the AEP to it and define settings like port-channel, storm-control etc.
Assign the leaf access policy group to an interface profile (which is assigned to a switch profile)
==> Done
If I want to have an untagged EPG-A port to a baremetal server, I cannot follow the same rules, because the generic AEP from above consists of multiple EPGs (EPG-A und EPG-B) and the mode is trunk.
Question: What is the correct way to configure an untagged access port?
Option 1:
- Do not create an AEP
- Create a leaf access policy group for baremetal servers (without AEP)and define settings like port-channel, storm-control etc.
- Assign the leaf access policy group to an interface profile (which is assigned to a switch profile)
- Static port assignment under the EPG configuration (mode access)
Option 2:
- Create a dedicated AEP for EPG-A access ports (mode access)
- Create a dedicated AEP for EPG-B access ports (mode access)
- Follow the same guidelines as for the trunk server ports configuration
