Good Afternoon @NetApp93 ,
Just to help others who come across this post we should define broadcast domains and failover groups:
Broadcast Domain: "Broadcast domains are intended to group network ports that belong to the same layer 2 network. The ports in the group can then be used by a storage virtual machine (SVM) for data or management traffic."
Failover Group: "You create a failover group of network ports so that a LIF can automatically migrate to a different port if a link failure occurs on the LIF's current port. This enables the system to reroute network traffic to other available ports in the cluster."
Answer to original question: If all of your data LIFs are VLAN tagged then you do not need a broadcast domain or Failover Group configured for your untagged interface group (a0a in your case). I have run into issues in the past when configuring IPspaces on interface groups where broadcast domains were required as it was being configured, but can be removed post IPspace configuration.
Q: To me that doesn't make any sense, as a the data LIF, which is obviously running frames with a vlan 30 tag, could failover to an a0a port where the frames would then be dropped. Am I missing something here regarding how failover groups should be configured, or is my AFF-A220 misconfigured?
A: When you create a broadcast domain for your VLAN you should have a failover group created, you can show this with the "failover-groups show" command. Each VLAN that you configure on ONTAP should have its own broadcast domain and failover group and these would be separate from the broadcast domain and failover group that are automatically created on your interface group (a0a) so you don't need to worry about your data LIF failing over to the a0a ports with frames being dropped.
Does this answer your questions?