sgacl

RS0175 - DNAC 2.1 Group-Based Access Control (Part 3)

The video shows you how to enable Group-Based Access Control in SDA using Cisco DNAC 2.1. Our scenario begins with a simple configuration to deny traffic between two user groups. We will then use Group-based Policy Analytic to identify type of traffic between endpoints, and leverage the information to restrict communication within the same endpoint group. Wireshark packet capture will be performed to give us an insight into VXLAN packet structure.

Rating:

No votes yet

Difficulty Level:

Tag:

Read more about RS0175 - DNAC 2.1 Group-Based Access Control (Part 3)
Log in or register to post comments

RS0175 - DNAC 2.1 Group-Based Access Control (Part 2)

The video shows you how to enable Group-Based Access Control in SDA using Cisco DNAC 2.1. Our scenario begins with a simple configuration to deny traffic between two user groups. We will then use Group-based Policy Analytic to identify type of traffic between endpoints, and leverage the information to restrict communication within the same endpoint group. Wireshark packet capture will be performed to give us an insight into VXLAN packet structure.

Rating:

No votes yet

Difficulty Level:

Tag:

Read more about RS0175 - DNAC 2.1 Group-Based Access Control (Part 2)
Log in or register to post comments

RS0175 - DNAC 2.1 Group-Based Access Control (Part 1)

The video shows you how to enable Group-Based Access Control in SDA using Cisco DNAC 2.1. Our scenario begins with a simple configuration to deny traffic between two user groups. We will then use Group-based Policy Analytic to identify type of traffic between endpoints, and leverage the information to restrict communication within the same endpoint group. Wireshark packet capture will be performed to give us an insight into VXLAN packet structure.

Rating:

No votes yet

Difficulty Level:

Tag:

Read more about RS0175 - DNAC 2.1 Group-Based Access Control (Part 1)
Log in or register to post comments

DC0034 - ACI ISE TrustSec Integration (Part 3)

The video shows a TrustSec integration between Cisco ISE and ACI via Policy Plane. You will get to see how IP-to-SGT mappings are communicated from ISE to ACI and used to classify traffic entering ACI fabric into L3Out profile. We will perform enforcement using Contract in the ACI domain. The second half of the video covers an ability to perform enforcement in TrustSec domain.

Rating:

No votes yet

Difficulty Level:

Tag:

Read more about DC0034 - ACI ISE TrustSec Integration (Part 3)
Log in or register to post comments

DC0034 - ACI ISE TrustSec Integration (Part 2)

The video shows a TrustSec integration between Cisco ISE and ACI via Policy Plane. You will get to see how IP-to-SGT mappings are communicated from ISE to ACI and used to classify traffic entering ACI fabric into L3Out profile. We will perform enforcement using Contract in the ACI domain. The second half of the video covers an ability to perform enforcement in TrustSec domain.

Rating:

No votes yet

Difficulty Level:

Tag:

Read more about DC0034 - ACI ISE TrustSec Integration (Part 2)
Log in or register to post comments

DC0034 - ACI ISE TrustSec Integration (Part 1)

The video shows a TrustSec integration between Cisco ISE and ACI via Policy Plane. You will get to see how IP-to-SGT mappings are communicated from ISE to ACI and used to classify traffic entering ACI fabric into L3Out profile. We will perform enforcement using Contract in the ACI domain. The second half of the video covers an ability to perform enforcement in TrustSec domain.

Rating:

No votes yet

Difficulty Level:

Tag:

Read more about DC0034 - ACI ISE TrustSec Integration (Part 1)
Log in or register to post comments

RS0126 - SDA Access Policy with TrustSec (Part 3)

The video shows you how to configure network segmentation using Policy on Cisco DNAC. We will go through different segmentation scenarios both for traffic within and between Virtual Network, all of which leveraging the underlying technology of Cisco TrustSec and Scalable Group Tag (SGT). We will also demonstrate how to continue to use SGT to enforce security beyond SDA fabric.

Rating:

Average: 5 (2 votes)

Difficulty Level:

Tag:

Read more about RS0126 - SDA Access Policy with TrustSec (Part 3)
Log in or register to post comments

RS0126 - SDA Access Policy with TrustSec (Part 2)

The video shows you how to configure network segmentation using Policy on Cisco DNAC. We will go through different segmentation scenarios both for traffic within and between Virtual Network, all of which leveraging the underlying technology of Cisco TrustSec and Scalable Group Tag (SGT). We will also demonstrate how to continue to use SGT to enforce security beyond SDA fabric.

Rating:

Average: 5 (2 votes)

Difficulty Level:

Tag:

Read more about RS0126 - SDA Access Policy with TrustSec (Part 2)
2 comments
Log in or register to post comments

RS0126 - SDA Access Policy with TrustSec (Part 1)

The video shows you how to configure network segmentation using Policy on Cisco DNAC. We will go through different segmentation scenarios both for traffic within and between Virtual Network, all of which leveraging the underlying technology of Cisco TrustSec and Scalable Group Tag (SGT). We will also demonstrate how to continue to use SGT to enforce security beyond SDA fabric.

Rating:

Average: 5 (2 votes)

Difficulty Level:

Tag:

Read more about RS0126 - SDA Access Policy with TrustSec (Part 1)
Log in or register to post comments

SEC0220 - ISE 2.0 TrustSec - SXP (Part 3)

The video demonstrates SXP capability on Cisco ISE 2.0 to relay SGT between SXP-capable network devices. We will use WLC as SXP speaker, while ASA and switch as listeners and enforcers. The switch has SGACL implemented from the previous video and the ASA will leverage SGT in its ACL. We will also look at Static SXP Mapping.

Rating:

Average: 5 (1 vote)

Difficulty Level:

Tag: