This topic provides a
typical example of how to create physical domains, Attach Entity Profiles
(AEP), and VLANs that are mandatory to deploy an EPG on a specific port.
All endpoint groups (EPGs) require a domain. Interface policy groups must also be associated with Attach Entity Profile (AEP),
and the AEP must be associated with a domain, if the AEP and EPG have to be in same domain. Based on the association of EPGs
to domains and of interface policy groups to domains, the ports and VLANs that the EPG uses are validated. The following domain
types associate with EPGs:
Layer 3 external outside network instance EPGs
Layer 2 external outside network instance EPGs
Management EPGs for out-of-band and in-band access
The APIC checks if an EPG is associated with one or more of these types of domains. If the EPG is not associated, the system
accepts the configuration but raises a fault. The deployed configuration may not function properly if the domain association
is not valid. For example, if the VLAN encapsulation is not valid for use with the EPG, the deployed configuration may not
EPG association with the AEP without static binding does not work in a scenario when you configure the EPG as Trunk under the AEP with one end point under the same EPG supporting Tagging and the other end point in the same EPG does not support
VLAN tagging. While associating AEP under the EPG, you can configure it as Trunk, Access (Tagged) or Access (Untagged).