The video shows you how to enable Group-Based Access Control in SDA using Cisco DNAC 2.1. Our scenario begins with a simple configuration to deny traffic between two user groups. We will then use Group-based Policy Analytic to identify type of traffic between endpoints, and leverage the information to restrict communication within the same endpoint group. Wireshark packet capture will be performed to give us an insight into VXLAN packet structure.