Creating endpoint groups

Endpoint groups are managed objects that (unsurprisingly) contain endpoints. Endpoints are devices that are connected to the network, either directly or indirectly. Endpoints have certain attributes, such as an address and a location; they can be physical or virtual. Endpoint groups are a logical grouping of these, based on common factors. The factors are more business related, such as having common security requirements and whether the endpoints require virtual machine mobility, have the same QoS settings, or consume the same L4-L7 services. Therefore, it makes sense to configure them as a group.

EPGs can span multiple switches and are associated with one bridge domain. There is not a one-to-one mapping between an EPG and particular subnets, and one cool thing about membership in an EPG is that it can be static for physical equipment or dynamic when we use the APIC in conjunction with virtual machine controllers; again, this will cut down on the number of manual configuration steps.