https://community.cisco.com/t5/software-defined-access-sd-access/multi-tenancy-in-sd-access/m-p/4663782#M1964 <P><a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/147749">@Madura Malwatte</a>&nbsp;, We do not support that level of granularity of Roles Based Access Control with DNA Center at this time. If a fabric site has many tenants separated by L2 or L3 VNs, then we cannot limit someone from seeing the other VNs (or other site constructs) in that site. Currently we cannot even do that on a per-site basis, but that is being worked on.</P> <P class="p1"><SPAN class="s1">Cheers,</SPAN><SPAN class="s2"><BR /></SPAN><SPAN class="s1">Scott Hodgdon</SPAN></P> <P class="p2"><SPAN class="s3">Senior Technical Marketing Engineer</SPAN></P> <P class="p2"><SPAN class="s3">Enterprise Networking and Cloud Group</SPAN></P> Thu, 04 Aug 2022 16:05:39 GMT Scott Hodgdon 2022-08-04T16:05:39Z https://community.cisco.com/t5/software-defined-access-sd-access/multi-tenancy-in-sd-access/m-p/4429926#M1413 <P>What's the correct way to do multi-tenancy in SD-Access? I haven't been able to find anything about it. Is it just using separate VN's? - but that doesn't seem like real multi-tenancy, as a single organisation/tenant could have multiple VNs for their macro-segmentation...</P> Thu, 08 Jul 2021 14:20:32 GMT https://community.cisco.com/t5/software-defined-access-sd-access/multi-tenancy-in-sd-access/m-p/4429926#M1413 Madura Malwatte 2021-07-08T14:20:32Z https://community.cisco.com/t5/software-defined-access-sd-access/multi-tenancy-in-sd-access/m-p/4429943#M1414 <P>Madura,</P> <P>Can you please describe in a little more detail the use case you wish for multi-tenancy ? This term can mean different things to different people, so I want to be clear on your ask before providing and answer.</P> <P class="p1"><SPAN class="s1">Cheers,</SPAN><SPAN class="s2"><BR /></SPAN><SPAN class="s1">Scott Hodgdon</SPAN></P> <P class="p2"><SPAN class="s3">Senior Technical Marketing Engineer</SPAN></P> <P class="p2"><SPAN class="s3">Enterprise Networking and Cloud Group</SPAN></P> Thu, 08 Jul 2021 14:34:46 GMT https://community.cisco.com/t5/software-defined-access-sd-access/multi-tenancy-in-sd-access/m-p/4429943#M1414 Scott Hodgdon 2021-07-08T14:34:46Z https://community.cisco.com/t5/software-defined-access-sd-access/multi-tenancy-in-sd-access/m-p/4429949#M1415 <P>Hi&nbsp;<a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/224745">@Scott Hodgdon</a>&nbsp;</P><P>Say, completely separate organisations that will utilize a single common campus fabric, along with a common NAC. It seems this would be just assigning a VN to each organisation - tenant1_VN, tenant2_VN, etc, then using SGTs for micro-segmentation within a tenant VN? Or is there other ways to do it?</P> Thu, 08 Jul 2021 14:46:11 GMT https://community.cisco.com/t5/software-defined-access-sd-access/multi-tenancy-in-sd-access/m-p/4429949#M1415 Madura Malwatte 2021-07-08T14:46:11Z https://community.cisco.com/t5/software-defined-access-sd-access/multi-tenancy-in-sd-access/m-p/4432634#M1418 <P>Hey Madura, correct, currently we have L3VNs. Network tenants could be placed in L3VNs and I have worked on SD-Access networks designed as such, one with around 90x L3VNs representing different business entities. We're developing L2VNs and some level of support for overlapping IP ranges , which was announced at Cisco Live a few months back. Some details can be found in BRKENS-2008, some information can be found here, <A href="https://www.ciscolive.com/global/on-demand-library.html?search=dolphin#/session/16106298294090015TSm" target="_blank">https://www.ciscolive.com/global/on-demand-library.html?search=dolphin#/session/16106298294090015TSm</A> , HTH, Jerome</P> <P>&nbsp;</P> Tue, 13 Jul 2021 21:29:44 GMT https://community.cisco.com/t5/software-defined-access-sd-access/multi-tenancy-in-sd-access/m-p/4432634#M1418 jedolphi 2021-07-13T21:29:44Z https://community.cisco.com/t5/software-defined-access-sd-access/multi-tenancy-in-sd-access/m-p/4663282#M1963 <P>Hi Scott</P><P>Yea this term is little bit confuse&nbsp;</P><P>Could I have mult tenants usinf the same fabric?</P><P>Which means different organizations login to DNA to manage thier own logical fabric?&nbsp;</P><P>Example, we build physical campus network, then create different tenants to manage their own logical fabric over the same physical network devices</P><P>Or its only just VNs to configure this multi tenants</P> Wed, 03 Aug 2022 21:56:09 GMT https://community.cisco.com/t5/software-defined-access-sd-access/multi-tenancy-in-sd-access/m-p/4663282#M1963 Hamada Ahmed 2022-08-03T21:56:09Z https://community.cisco.com/t5/software-defined-access-sd-access/multi-tenancy-in-sd-access/m-p/4663782#M1964 <P><a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/147749">@Madura Malwatte</a>&nbsp;, We do not support that level of granularity of Roles Based Access Control with DNA Center at this time. If a fabric site has many tenants separated by L2 or L3 VNs, then we cannot limit someone from seeing the other VNs (or other site constructs) in that site. Currently we cannot even do that on a per-site basis, but that is being worked on.</P> <P class="p1"><SPAN class="s1">Cheers,</SPAN><SPAN class="s2"><BR /></SPAN><SPAN class="s1">Scott Hodgdon</SPAN></P> <P class="p2"><SPAN class="s3">Senior Technical Marketing Engineer</SPAN></P> <P class="p2"><SPAN class="s3">Enterprise Networking and Cloud Group</SPAN></P> Thu, 04 Aug 2022 16:05:39 GMT https://community.cisco.com/t5/software-defined-access-sd-access/multi-tenancy-in-sd-access/m-p/4663782#M1964 Scott Hodgdon 2022-08-04T16:05:39Z