Here are my study notes about Cisco AEP in ACI.

Attachable Access Entity Profile AEP: Definitions

The Attachable Access Entity Profile binds the logical tenant configuration to the physical fabric access policies. It can be vaguely compared to the CLI command “switchport trunk allowed vlan” in traditional switching. It is required for attaching external devices and servers to the ACI fabric.

The ACI AEP links the following ACI constructs together:

  • Interface Policy Group: one-to-many relationship, which means that one AEP can be attached to more than one Interface Policy Groups)
  • ACI Networking Domains: remember when I wrote that a Domain is associated to a VLAN Pool? The ACI Domain grouped the VLANs in a single location, and AEP brings them to the fabric access interfaces, so that the interfaces accept traffic from those VLANs. There is one-to-many relationship between AEP and Networking Domains, which means that a network engineer has the possibility:
    • to link one AEP to one Networking Domain,
    • to link the same AEP to more than one Networking Domain, or
    • to link the same AEP to all existing Networking Domains.

By the way, a network engineer must differentiate a Networking Domain from a Bridge Domain.

  • VLAN Pool: The VLAN Pool is linked to the access policies through the ACI domain.

The network engineer should make sure that external devices and servers with similar infrastructure policy requirements will be linked to the same AEP.

ACI AEP Configuration in version 4+

This is a two-step process:

  1. Create the profile
  2. Add it to selected interfaces through Interface Policy Groups

Go to Fabric -> Access Policies:


Then click on Policies -> Global -> Attachable Access Entity Profiles.

Right Click and choose Create Attachable Access Entity Profile


type a name and a description for your AEP:


At this point in the configuration, the network engineer could either add a Networking Domain or leave it for a later point in time:


Supposing he has already configured a Networking Domain, he can link it under the menu Domains (VMM, Physical or External) to Be Associated To Interfaces. After that, he clicks on Update:


Then Next.

After that he needs to associate an Interface Policy Group to the AEP. And for each available Interface Policy Group there is a radio button unter the column Select Interfaces. By the way, the Interface Policy Group to be chosen must be already associated with a Leaf Switch Profile, otherwise it won’t appear in the below list:

In which cases should a network engineer click the radio button specific? I still do not have the answer.

Last, click Finish.

Our AEP is now created and is seen under the list of Attachable Access Entity Profiles:


click here to read the rest of my Cisco ACI study notes.



Be First to Comment

Leave a Reply

Your email address will not be published. Required fields are marked *