Cisco Aci What Is an Epg

What is an EPG?

Ports can be members of more than one EPG. For example, all ports on a switch can be members of an EPG that includes all switch ports. This type of EPG is called a promiscuous EPG. Alternatively, ports can be members of multiple EPGs, each with a specific function. For example, one EPG could be created for voice traffic, another for video traffic, and another for data traffic.

EPGs are created and managed using the Cisco Application Centric Infrastructure (ACI) policy model. The ACI policy model defines the relationships between EPGs, endpoints, and the network.

When an EPG is created, the administrator defines the following parameters:

• EPG name

• EPG description

• EPG type

• EPG members

• EPG policies

EPG types

There are two types of EPGs:

• Internal EPGs are used to group ports that are physically located on the same switch.

• External EPGs are used to group ports that are located on different switches. External EPGs are also used to group ports that are located on different devices, such as servers or routers.

EPG members

EPG members can be individual ports or port channels. A port channel is a logical grouping of multiple physical ports.

EPG policies

EPG policies define the security and QoS policies that are applied to the traffic flowing through the EPG.

Creating an EPG

EPGs are created using the Cisco ACI policy model. The ACI policy model defines the relationships between EPGs, endpoints, and the network.

When an EPG is created, the administrator defines the following parameters:

• EPG name

• EPG description

• EPG type

• EPG members

• EPG policies

After an EPG is created, the administrator can add endpoints to the EPG. Endpoints can be physical devices, such as servers or routers, or they can be virtual devices, such as virtual machines or containers.

Adding endpoints to an EPG

Endpoints are added to an EPG using the Cisco ACI policy model. The ACI policy model defines the relationships between EPGs, endpoints, and the network.

When an endpoint is added to an EPG, the administrator defines the following parameters:

• Endpoint name

• Endpoint description

• Endpoint type

• Endpoint address

• Endpoint policies

After an endpoint is added to an EPG, the administrator can apply security and QoS policies to the endpoint.

Applying policies to an endpoint

Policies are applied to an endpoint using the Cisco ACI policy model. The ACI policy model defines the relationships between EPGs, endpoints, and the network.

When a policy is applied to an endpoint, the administrator defines the following parameters:

• Policy name

• Policy description

• Policy type

• Policy parameters

Policy types

There are two types of policies:

• Security policies are used to protect the network from unauthorized access and to control the flow of traffic.

• Quality of service (QoS) policies are used to prioritize traffic and to ensure that critical traffic is not delayed or dropped.

Applying a security policy

Security policies are applied to an endpoint using the Cisco ACI policy model. The ACI policy model defines the relationships between EPGs, endpoints, and the network.

When a security policy is applied to an endpoint, the administrator defines the following parameters:

• Policy name

• Policy description

• Policy type

• Policy parameters

The security policy parameters define the following:

• The type of security policy

• The action to take if the policy is violated

• The conditions that trigger the policy

• The devices and users that are affected by the policy

Applying a QoS policy

Quality of service (QoS) policies are applied to an endpoint using the Cisco ACI policy model. The ACI policy model defines the relationships between EPGs, endpoints, and the network.

When a QoS policy is applied to an endpoint, the administrator defines the following parameters:

• Policy name

• Policy description

• Policy type

• Policy parameters