sgacl

RS0195 - DNAC 2.1 Multi-Site IP Transit with SXP (Part 3)

The video shows you how you can implement Cisco TrustSec across a SDA IP Transit using SXP. Cisco ISE will be used as SXP Speaker to distribute SGT-to-IP mapping to Border nodes at fabric sites. We will enforce SGACL on traffic between sites and achieve similar security as in SDA transit.

Rating:

No votes yet

Difficulty Level:

Tag:

dnac

dnac 2.1

sda

sxp

Read more about RS0195 - DNAC 2.1 Multi-Site IP Transit with SXP (Part 3)
Log in or register to post comments

RS0195 - DNAC 2.1 Multi-Site IP Transit with SXP (Part 2)

The video shows you how you can implement Cisco TrustSec across a SDA IP Transit using SXP. Cisco ISE will be used as SXP Speaker to distribute SGT-to-IP mapping to Border nodes at fabric sites. We will enforce SGACL on traffic between sites and achieve similar security as in SDA transit.

Rating:

No votes yet

Difficulty Level:

Tag:

Read more about RS0195 - DNAC 2.1 Multi-Site IP Transit with SXP (Part 2)
Log in or register to post comments

RS0195 - DNAC 2.1 Multi-Site IP Transit with SXP (Part 1)

The video shows you how you can implement Cisco TrustSec across a SDA IP Transit using SXP. Cisco ISE will be used as SXP Speaker to distribute SGT-to-IP mapping to Border nodes at fabric sites. We will enforce SGACL on traffic between sites and achieve similar security as in SDA transit.

Rating:

No votes yet

Difficulty Level:

Tag:

Read more about RS0195 - DNAC 2.1 Multi-Site IP Transit with SXP (Part 1)
Log in or register to post comments

RS0175 - DNAC 2.1 Group-Based Access Control (Part 3)

The video shows you how to enable Group-Based Access Control in SDA using Cisco DNAC 2.1. Our scenario begins with a simple configuration to deny traffic between two user groups. We will then use Group-based Policy Analytic to identify type of traffic between endpoints, and leverage the information to restrict communication within the same endpoint group. Wireshark packet capture will be performed to give us an insight into VXLAN packet structure.

Rating:

No votes yet

Difficulty Level:

Tag:

Read more about RS0175 - DNAC 2.1 Group-Based Access Control (Part 3)
Log in or register to post comments

RS0175 - DNAC 2.1 Group-Based Access Control (Part 2)

The video shows you how to enable Group-Based Access Control in SDA using Cisco DNAC 2.1. Our scenario begins with a simple configuration to deny traffic between two user groups. We will then use Group-based Policy Analytic to identify type of traffic between endpoints, and leverage the information to restrict communication within the same endpoint group. Wireshark packet capture will be performed to give us an insight into VXLAN packet structure.

Rating:

No votes yet

Difficulty Level:

Tag:

Read more about RS0175 - DNAC 2.1 Group-Based Access Control (Part 2)
Log in or register to post comments

RS0175 - DNAC 2.1 Group-Based Access Control (Part 1)

The video shows you how to enable Group-Based Access Control in SDA using Cisco DNAC 2.1. Our scenario begins with a simple configuration to deny traffic between two user groups. We will then use Group-based Policy Analytic to identify type of traffic between endpoints, and leverage the information to restrict communication within the same endpoint group. Wireshark packet capture will be performed to give us an insight into VXLAN packet structure.

Rating:

No votes yet

Difficulty Level:

Tag:

Read more about RS0175 - DNAC 2.1 Group-Based Access Control (Part 1)
Log in or register to post comments

DC0034 - ACI ISE TrustSec Integration (Part 3)

The video shows a TrustSec integration between Cisco ISE and ACI via Policy Plane. You will get to see how IP-to-SGT mappings are communicated from ISE to ACI and used to classify traffic entering ACI fabric into L3Out profile. We will perform enforcement using Contract in the ACI domain. The second half of the video covers an ability to perform enforcement in TrustSec domain.

Rating:

No votes yet

Difficulty Level:

Tag:

Read more about DC0034 - ACI ISE TrustSec Integration (Part 3)
1 comment
Log in or register to post comments

DC0034 - ACI ISE TrustSec Integration (Part 2)

The video shows a TrustSec integration between Cisco ISE and ACI via Policy Plane. You will get to see how IP-to-SGT mappings are communicated from ISE to ACI and used to classify traffic entering ACI fabric into L3Out profile. We will perform enforcement using Contract in the ACI domain. The second half of the video covers an ability to perform enforcement in TrustSec domain.

Rating:

No votes yet

Difficulty Level:

Tag:

Read more about DC0034 - ACI ISE TrustSec Integration (Part 2)
Log in or register to post comments

DC0034 - ACI ISE TrustSec Integration (Part 1)

The video shows a TrustSec integration between Cisco ISE and ACI via Policy Plane. You will get to see how IP-to-SGT mappings are communicated from ISE to ACI and used to classify traffic entering ACI fabric into L3Out profile. We will perform enforcement using Contract in the ACI domain. The second half of the video covers an ability to perform enforcement in TrustSec domain.

Rating:

No votes yet

Difficulty Level:

Tag:

Read more about DC0034 - ACI ISE TrustSec Integration (Part 1)
Log in or register to post comments

RS0126 - SDA Access Policy with TrustSec (Part 3)

The video shows you how to configure network segmentation using Policy on Cisco DNAC. We will go through different segmentation scenarios both for traffic within and between Virtual Network, all of which leveraging the underlying technology of Cisco TrustSec and Scalable Group Tag (SGT). We will also demonstrate how to continue to use SGT to enforce security beyond SDA fabric.

Rating:

Average: 5 (2 votes)

Difficulty Level:

Tag: