Saturday, 19 July 2025

Cisco ACI Static EPG Configuration – Step-by-Step Deployment Guide

Cisco ACI Static EPG Configuration for VLAN 420 – Step-by-Step Deployment Guide

In modern data center architectures, Cisco Application Centric Infrastructure (ACI) provides a scalable, policy-driven approach to network automation. One of the core elements of ACI is the Endpoint Group (EPG), which simplifies the segmentation and application of network policies.

This blog post walks you through a complete and practical step-by-step guide to statically configure an EPG on VLAN 420 using Cisco ACI's GUI. Whether you're onboarding a new server, integrating legacy infrastructure, or setting up a dedicated application VLAN, this guide covers everything from VLAN Pool creation to contract association.


💡 What You’ll Learn:

  • How to properly configure access policies, domains, and interface profiles

  • How to statically bind a port on a leaf switch to a specific VLAN

  • How to associate EPGs with bridge domains and physical domains

  • How to create and apply contracts for traffic control

This is a hands-on guide built for ACI administrators, data center engineers, and network architects who want a repeatable and validated procedure to follow. VLAN 420 is used as a sample, but the steps can be adapted to any VLAN or tenant environment.

🧭 Step-by-Step Summary

| Step | Task | Navigation Path |
|------|------|-----------------|
| 1 | Create VLAN Pool for VLAN 420 | Fabric > Access Policies > Pools > VLAN |
| 2 | Create Physical Domain linked to VLAN Pool | Fabric > Access Policies > Physical and External Domains > Physical Domains |
| 3 | Create Interface Policies (Link Level, CDP, LLDP) | Fabric > Access Policies > Policies > Interface |
| 4 | Create Attachable Access Entity Profile (AAEP) and associate Domain | Fabric > Access Policies > Policies > Global > Attachable Access Entity Profiles |
| 5 | Create Leaf Access Port Policy Group with policies and AAEP | Fabric > Access Policies > Interfaces > Leaf Interfaces > Policy Groups |
| 6 | Create Leaf Interface Profile and assign interface selector | Fabric > Access Policies > Interfaces > Leaf Interfaces > Profiles |
| 7 | Create Leaf Switch Profile and assign node + interface profile | Fabric > Access Policies > Switches > Leaf Switch Profiles |
| 8 | Create Tenant, VRF, and Bridge Domain | Tenants |
| 9 | Create Application Profile and EPG | Tenants > T1 > Application Profiles |
| 10 | Deploy Static EPG on Leaf101 Ethernet1/5 with VLAN 420 | Tenants > T1 > App420 > EPG-420 > Static Ports |
| 11 | Associate EPG with Physical Domain | Tenants > T1 > App420 > EPG-420 > Domains |
| 12 | Create Contract and associate with EPG | Tenants > T1 > Contracts and App420 > EPG-420 > Contracts |


🔧 Detailed Configuration Steps

Step 1 – Create VLAN Pool

  • Path: Fabric > Access Policies > Pools > VLAN
  • Right-click VLAN > Create VLAN Pool
  • Name: VLANPool-420
  • Allocation Mode: Static
  • Add Encap Block:
    • From: 420
    • To: 420
    • Allocation Type: Static
  • Click OK, then Submit

Step 2 – Create Physical Domain

  • Path: Fabric > Access Policies > Physical and External Domains > Physical Domains
  • Right-click Physical Domains > Create Physical Domain
  • Name: physDom420
  • VLAN Pool: VLANPool-420
  • Click Submit

Step 3 – Create Interface Policies

  • Path: Fabric > Access Policies > Policies > Interface
  • Create:
    • Link Level Policy: 10G-Auto (Speed: 10G, Auto-Negotiate: Enabled)
    • CDP Policy: CDP-Enabled (Admin State: Enabled)
    • LLDP Policy: LLDP-Enabled (Admin State: Enabled)

Step 4 – Create AAEP

  • Path: Fabric > Access Policies > Policies > Global > Attachable Access Entity Profiles
  • Right-click > Create Attachable Access Entity Profile
  • Name: AAEP-420
  • Under Domains, add: physDom420
  • Click Update, then Next, then Finish

Step 5 – Create Leaf Access Port Policy Group

  • Path: Fabric > Access Policies > Interfaces > Leaf Interfaces > Policy Groups
  • Right-click > Create Leaf Access Port
  • Name: AccessPG-420
  • Policies:
    • Link Level: 10G-Auto
    • CDP: CDP-Enabled
    • LLDP: LLDP-Enabled
    • AAEP: AAEP-420
  • Click Submit

Step 6 – Create Leaf Interface Profile

  • Path: Fabric > Access Policies > Interfaces > Leaf Interfaces > Profiles
  • Right-click > Profile > Create Leaf Interface Profile
  • Name: Leaf101_IntProf
  • Add Interface Selector:
    • Selector Name: IntSel_eth1/5
    • Interface: 1/5
    • Policy Group: AccessPG-420
  • Click OK, then Submit

Step 7 – Create Leaf Switch Profile

  • Path: Fabric > Access Policies > Switches > Leaf Switches
  • Right-click > Profiles > Create Leaf Profile
  • Name: Leaf101_SWProf
  • Click + on Leaf Selector
  • Name: Leaf101_LS
  • Select Switch: 101 under Blocks
  • Click Update > Next
  • Associate Interface Select Profiles: Leaf101_IntProf
  • Click Finish

Step 8 – Create Tenant, VRF, and Bridge Domain

  • Path: Tenants
  • Click Add Tenant
  • Name: T1
  • Click Submit

8.1 – Create VRF

Path: Tenants > T1 > Networking

  • Right-click VRFs > Create VRF: VRF-T1
  • Uncheck Create A Bridge Domain
  • Click Finish

8.2 – Create BD

Path: Tenants > T1 > Networking

  • Right-click Bridge Domains > Create Bridge Domain: BD-420
    • Associate with VRF: VRF-T1 and click Next
    • Add Subnet: Gateway IP: 192.168.42.1/24
  • Click OK, Next, and then Finish

Step 9 – Create Application Profile and EPG

  • Path: Tenants > T1 > Application Profiles
  • Right-click > Create Application Profile: Name: App420 > Click Submit
  • Right-click App420 > Create Application EPG:
    • Name: EPG-420
    • Associate with: BD-420
  • Click Finish

Step 10 – Deploy Static EPG on Leaf Interface

  • Path: Tenants > T1 > App420 > Application EPG > EPG-420
  • Right-click > Static Ports, click Deploy Static EPG on PC, VPC or Interface
    • Node: Leaf101
    • Interface: eth1/5
    • Encapsulation: 420
    • Mode: Access > Warning > OK
  • Click Next > Finish

Step 11 – Associate EPG with Physical Domain

  • Path: Tenants > T1 > App420 > EPG-420
  • Right-click Domains > Add Physical Domain Association
    • Physical Domain Profile: physDom420
  • Click Submit

Step 12 – Create Contract and Associate with EPG

🔹 12.1 – Create Filter

  • Path: Tenants > T1 > Contracts
  • Right-click Filters > Create Filters: Filter-TCP80
  • Click + under Entries
    • Name: Entry_TCP80
    • EtherType: IP
    • IP Protocol: tcp
    • Stateful: checked
    • Destination Port/Range: From/To: http
    • Click Update and then Submit

🔹 12.2 – Create Contract

  • Path: Tenants > T1 > Contracts
  • Right-click Standard > Create Contract: Contract-420
  • Click + under Subject, Name: Subject-420
  • Click + under Filters
    • Name: choose T1/Filter-TCP80
    • Action: Permit
    • IP Protocol: tcp
    • Click Update and then Submit
  • Click OK, then Submit

🔹 12.3 – Associate Contract with EPG

  • Path: Tenants > T1 > Application Profile > App420 > Application EPG > EPG-420 > Contracts
  • Right-click on Contracts
  • Click Add Provided Contracts
    • Select: Contract-420
  • Click Add, then Submit
