Designing Cisco ACI Fabric Access Policies

Interface Policy Groups

Now that the AEPs, Domains and VLAN Pools are assigned, we focus on Interface Policy Groups. With Interface Policy Groups we have access ports, direct port channels and virtual port-channels. VPCs and DPCs are similar but access ports are designed differently.

Access Ports

Since access port interface policy groups are commonly re-used across various similar endpoints, generic access port policy groups are created mainly differing by type and speed. As an example, any Baremetal server with a non-port channel link that fits a speed profile would be assigned to the respective group.

These are preconfigured and ready for assignment in interface profiles. By using this naming convention, it can aid in troubleshooting and overall management without major effects to all endpoints. Typically, these fit into the majority of endpoint use cases.

Access Port Interface Policy Group Name Association Purpose
BM-AUTO-access_polgrp BM-Compute_aep Baremetal servers with auto-negotiation
BM-100M-access_polgrp   Baremetal servers with 100M Full Duplex
BM-1G-access_polgrp   Baremetal servers with 1G ports
BM-10G-access_polgrp   Baremetal servers with 10G ports
BM-40G-access_polgrp   Baremetal servers with 40G ports
VMM-AUTO-access_polgrp VMM-Compute_aep Virtualized host servers with auto-negotiation
VMM-100M-access_polgrp   Virtualized host servers with 100M Full Duplex
VMM-1G-access_polgrp   Virtualized host servers with 1G ports
VMM-10G-access_polgrp   Virtualized host servers with 10G ports
VMM-40G-access_polgrp   Virtualized host servers with 40G ports
Infra-AUTO-access_polgrp Infra_aep Infrastructure endpoints with auto-negotiation
Infra-100M-access_polgrp   Infrastructure endpoints with 100M Full Duplex
Infra-1G-access_polgrp   Infrastructure endpoints with 1G ports
Infra-10G-access_polgrp   Infrastructure endpoints with 10G ports
Infra-40G-access_polgrp   Infrastructure endpoints with 40G ports

Leave a Reply