CPOC Series: ACI Segmentation Using Microsegmented EPGs (uSeg)

In this video we explore a very popular topic: microsegmentation. To summarize, microsegmentation inside of ACI takes devices inside of an EPG and places them inside their own “sub-EPG”. This new EPG behaves exactly like a normal EPG from a connectivity perspective: we still need contracts to talk to other EPGs (including our base EPG), and we still need to associate the uSeg EPG with a bridge domain.

Inside of ACI, we implement Microsegmentation in the following manner:

  1. Create a Base EPG (this is a normal EPG). From the base EPG, all of your devices in the same EPG are identified (as normal) with a dot1q tag.
    1. On your VMM domain attached to the base EPG, click the “allow micro-segmentation” checkbox.
  2. Create a uSeg EPG. There are several ways of classifying the uSeg EPG:
    1. DNS name
    2. IP address
    3. MAC address
    4. VM Attributes (VM name, vSphere DC, etc)
uSeg in ACI
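
The requirements above (bridge domain, contracts, a classification attribute, and micro-segmentation allowed on the base EPG's VMM domain) can be checked against an exported tenant configuration. The following is an added example, not code from the original post or from Cisco. The class and attribute names are assumed from the APIC object model, the sample export is constructed, and the base and uSeg EPGs are assumed to sit in the same application profile.

```python
# Added example: audits an APIC-style JSON export for uSeg EPG prerequisites.
# Names such as fvAEPg, isAttrBasedEPg, fvRsBd, fvRsDomAtt.classPref and fvCrtrn
# are assumptions from the APIC object model; verify them on your APIC release.
ATTR_CLASSES = {"fvDnsAttr", "fvIpAttr", "fvMacAttr", "fvVmAttr"}

def mo(cls, *kids, **attrs):
    """Build one managed object in APIC JSON shape (helper for the sample)."""
    return {cls: {"attributes": attrs, "children": list(kids)}}

def children(obj, cls=None):
    """Yield (class, attributes, node) for each direct child of a managed object."""
    (_, body), = obj.items()
    for child in body.get("children", []):
        (ccls, cbody), = child.items()
        if cls is None or ccls == cls:
            yield ccls, cbody.get("attributes", {}), child

def audit_useg(app_profile):
    """Return (epg_name, finding) tuples for every uSeg EPG in one fvAp."""
    findings = []
    epgs = [(a, e) for _, a, e in children(app_profile, "fvAEPg")]
    base = [e for a, e in epgs if a.get("isAttrBasedEPg") != "yes"]
    useg = [(a["name"], e) for a, e in epgs if a.get("isAttrBasedEPg") == "yes"]
    # "Allow micro-segmentation" on the base EPG's VMM domain association
    base_ok = any(d.get("classPref") == "useg"
                  for e in base for _, d, _ in children(e, "fvRsDomAtt"))
    for name, epg in useg:
        kinds = {c for c, _, _ in children(epg)}
        crit = {c for _, _, crt in children(epg, "fvCrtrn")
                for c, _, _ in children(crt)}
        checks = [("fvRsBd" in kinds, "no bridge domain association"),
                  (bool(kinds & {"fvRsCons", "fvRsProv"}), "no contract consumed or provided"),
                  (bool(crit & ATTR_CLASSES), "no classification attribute"),
                  (base_ok, "no base EPG allows micro-segmentation")]
        findings += [(name, msg) for ok, msg in checks if not ok]
    return findings

# Constructed sample: one base EPG, one complete uSeg EPG, one incomplete uSeg EPG.
SAMPLE_AP = mo("fvAp",
    mo("fvAEPg", mo("fvRsBd", tnFvBDName="bd1"),
       mo("fvRsDomAtt", tDn="uni/vmmp-VMware/dom-example", classPref="useg"),
       name="base-epg", isAttrBasedEPg="no"),
    mo("fvAEPg", mo("fvRsBd", tnFvBDName="bd1"), mo("fvRsCons", tnVzBrCPName="web-to-db"),
       mo("fvCrtrn", mo("fvIpAttr", name="ip1", ip="192.0.2.10"), name="default"),
       name="useg-ok", isAttrBasedEPg="yes"),
    mo("fvAEPg", mo("fvCrtrn", name="default"), name="useg-broken", isAttrBasedEPg="yes"),
    name="app1")
```

Calling `audit_useg(SAMPLE_AP)` reports only the incomplete uSeg EPG; a uSeg EPG that reaches other EPGs solely through mechanisms this sketch does not inspect (for example contracts applied elsewhere in the tenant) would still be flagged.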

One thought on “CPOC Series: ACI Segmentation Using Microsegmented EPGs (uSeg)”

  1. Could you explain the steps how to integrate AD/ISE into the ACI so that uSeg on user/group name from AD is possible?
