Tech Note: ACI EPG Static Port Bindings — Never pick “untagged”

When you’re statically binding an EPG to a port, you can choose one of three modes. Here’s why you never want to select Access (Untagged) and always want to pick either Access-802.1p or Trunk-Tagged.

Never pick “Mode: Access (Untagged)”!

Access (Untagged)

If this port were in NX-OS mode, the configuration would look like this:

This mode simply sets the port to an access port, and sets the VLAN that’s associated with the port. There’s no encapsulation since it’s not a trunk port.

Access (802.1p)

With an 802.1p access port, the port type is configured to trunk, but the native VLAN is the same as the port. In effect, this port configuration looks and feels to the end device the same as the Access-Untagged configuration, but the port mode is already in trunk.

Trunk (Tagged)

Once again, virtually the same configuration, except the allowed VLAN is tagged. The end host device has to be configured for that.

So what?

Here’s why you care: you don’t want to set up a port as an Access-Untagged port because if you ever need to change it (by adding additional EPGs to a static port), you’ll have to change the port type, and that’ll bounce traffic.

Even if you only have one EPG mapped to a port and you don’t need tagging, there’s no downside to setting the port to Access-802.1p; you can then always map more Trunk-Tagged EPGs in the future without any traffic interruption.
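To find existing bindings that were created as Access (Untagged), here is an added example (not part of the original note) that audits a JSON export of static path bindings. It assumes the input has the shape of an APIC class query for `fvRsPathAtt`, whose `mode` attribute is `regular`, `native` or `untagged`; the tenant, EPG and port names are constructed sample data.

```python
import json
import re

# GUI labels from this note keyed by the fvRsPathAtt "mode" attribute value.
MODE_LABELS = {"regular": "Trunk (Tagged)", "native": "Access (802.1p)",
               "untagged": "Access (Untagged)"}
# Tenant, application profile and EPG are encoded in the binding's DN.
EPG_DN = re.compile(r"^uni/tn-([^/]+)/ap-([^/]+)/epg-([^/]+)/rspathAtt-")

def _binding(tenant, ap, epg, port, encap, mode):
    """Build one constructed fvRsPathAtt record (sample data, not a real fabric)."""
    tdn = f"topology/pod-1/paths-101/pathep-[{port}]"
    return {"fvRsPathAtt": {"attributes": {
        "dn": f"uni/tn-{tenant}/ap-{ap}/epg-{epg}/rspathAtt-[{tdn}]",
        "tDn": tdn, "encap": encap, "mode": mode}}}

# Constructed sample: one untagged binding, plus an 802.1p and a tagged
# binding sharing a port (the combination the note recommends).
SAMPLE = json.dumps({"imdata": [
    _binding("Prod", "Web", "Frontend", "eth1/10", "vlan-100", "untagged"),
    _binding("Prod", "Web", "Backend", "eth1/11", "vlan-101", "native"),
    _binding("Prod", "Web", "Db", "eth1/11", "vlan-102", "regular"),
]})

def audit_bindings(raw):
    """Return the untagged static bindings, sorted by port then EPG."""
    findings = []
    for item in json.loads(raw).get("imdata", []):
        attrs = item.get("fvRsPathAtt", {}).get("attributes", {})
        match = EPG_DN.match(attrs.get("dn", ""))
        if not match or attrs.get("mode") != "untagged":
            continue
        tenant, ap, epg = match.groups()
        findings.append({"tenant": tenant, "ap": ap, "epg": epg,
                         "port": attrs.get("tDn", ""),
                         "encap": attrs.get("encap", ""),
                         "label": MODE_LABELS["untagged"]})
    return sorted(findings, key=lambda f: (f["port"], f["epg"]))

if __name__ == "__main__":
    for f in audit_bindings(SAMPLE):
        print(f"{f['tenant']}/{f['ap']}/{f['epg']} on {f['port']} "
              f"({f['encap']}): {f['label']}, rebind as Access (802.1p)")
```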

Data center/security/collab hack, CCIE #5026, focusing on automation, programmability, operational efficiency and getting rid of technical debt.
