topic Re: Broadcast control with SGTs and microsegmentation in Network Access Control

Broadcast control with SGTs and microsegmentation

Antonio Macia — Thu, 30 Jun 2022 09:37:10 GMT

Hi,

In a Trustsec environment where devices within the same VLAN are not allowed to communicate, layer two traffic like ARP would be also blocked, right? This approach would allow us to have larger subnets without the caveats of the increase on the broadcast traffic that endpoints would have to process, is that correct?

Thanks.

Re: Broadcast control with SGTs and microsegmentation

Mohammed al Baqari — Thu, 30 Jun 2022 13:48:31 GMT

Not exactly. So punted traffic toCPU won't be blocked by SGACLs. But
hardware switched traffic will be blocked by SGACLs.

**** please remember to rate useful posts

Re: Broadcast control with SGTs and microsegmentation

Antonio Macia — Sat, 02 Jul 2022 06:33:09 GMT

For traffic destined to the switch itself I understand it will be punted to the CPU, but from the endpoints perspective they won't receive other's ARP traffic if not allowed by the matrix, right?

Re: Broadcast control with SGTs and microsegmentation

thomas — Wed, 06 Jul 2022 06:36:17 GMT

Traffic not allowed to destination groups by the TrustSec matrix... should not be allowed (or received) by the destination endpoints.