03-15-2022 12:16 AM
Hey guys,
I have been trying to study SD Access and I am a bit confused about VXLAN. I know VXLAN tunnels L2 traffic over L3 infrastructure, so I get why it is good in DC/ACI, because of vMotion. But how is it beneficial in a campus network, especially when most of the users use wireless nowadays?
03-15-2022 12:28 AM
1) VXLAN helps to carry SGT tags to enforce TrustSec in SDA
2) L2 extension over L3 is needed for seamless wireless roaming in SDA. Wireless clients are not tunneled to WLCs; instead, these are sent over the wire just like FlexConnect but using VXLAN between APs and Edges. When roaming between APs in different FEs, L2 extension removes the need to request DHCP again, thus reducing delays when roaming.
02-26-2025 06:39 AM
Additional Info:
• Introduction of Security Group Tags (SGT) in VXLAN:
    • Enhances network segmentation and security.
• VXLAN Overview:
    • Virtual Extensible LAN technology.
    • Provides scalable and flexible network virtualization over existing IP networks.
• Benefits of SGT in VXLAN:
    • Allows for enforcement of security policies at the network level.
    • Enables granular control and classification of network traffic.
• Traffic Control and Classification:
    • Assign SGTs to traffic flows based on user-defined policies.
    • Policies can be based on criteria such as application type, user group, or security clearance.
• Propagation of SGTs:
    • Utilizes Cisco's TrustSec technology to propagate SGTs across the network.
    • Ensures consistent security policies are applied across different network segments.
• Integration Benefits:
    • Combines network virtualization with enhanced security capabilities.
    • Enables fine-grained control and segmentation in networks.
    • Maintains a robust security posture for organizations.
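
How the SGT rides inside the VXLAN header, as an added example that is not part of any post in this thread: a Python parser that assumes the VXLAN Group Policy Option layout (draft-smith-vxlan-group-policy), in which the G flag marks the 16-bit Group Policy ID as valid. The function names and the sample headers are constructed for illustration.

```python
import struct
from typing import NamedTuple, Optional

# Assumed layout (VXLAN Group Policy Option, draft-smith-vxlan-group-policy):
#   byte 0: flags  G=0x80 (group ID valid), I=0x08 (VNI valid)
#   byte 1: flags  D=0x40 (don't learn),    A=0x08 (policy already applied)
#   bytes 2-3: Group Policy ID (the SGT), bytes 4-6: VNI, byte 7: reserved
FLAG_G, FLAG_I = 0x80, 0x08
FLAG_D, FLAG_A = 0x40, 0x08

class VxlanGpo(NamedTuple):
    vni: int
    sgt: Optional[int]     # None when the G flag is clear (plain VXLAN)
    policy_applied: bool
    dont_learn: bool

def build_vxlan_gpo(vni: int, sgt: Optional[int] = None, policy_applied: bool = False) -> bytes:
    """Build an 8-byte header; used here only to construct sample input."""
    if not 0 <= vni < 1 << 24:
        raise ValueError("VNI must fit in 24 bits")
    flags0 = FLAG_I | (FLAG_G if sgt is not None else 0)
    flags1 = FLAG_A if policy_applied else 0
    return struct.pack("!BBHI", flags0, flags1, sgt or 0, vni << 8)

def parse_vxlan_gpo(udp_payload: bytes) -> VxlanGpo:
    """Parse the first 8 bytes of a VXLAN UDP payload."""
    if len(udp_payload) < 8:
        raise ValueError("truncated VXLAN header")
    flags0, flags1, group_id, vni_rsvd = struct.unpack("!BBHI", udp_payload[:8])
    if not flags0 & FLAG_I:
        raise ValueError("I flag clear: VNI is not valid")
    # Only trust the group ID when G is set; otherwise the field is reserved.
    sgt = group_id if flags0 & FLAG_G else None
    return VxlanGpo(vni_rsvd >> 8, sgt, bool(flags1 & FLAG_A), bool(flags1 & FLAG_D))

def untagged_vnis(headers) -> set:
    """VNIs seen carrying at least one header without an SGT."""
    return {h.vni for h in map(parse_vxlan_gpo, headers) if h.sgt is None}

if __name__ == "__main__":
    # Constructed samples: VNI 4099 tagged with SGT 17, VNI 4100 untagged.
    samples = [build_vxlan_gpo(4099, sgt=17), build_vxlan_gpo(4100)]
    for raw in samples:
        print(raw.hex(), parse_vxlan_gpo(raw))
    print("VNIs with untagged traffic:", untagged_vnis(samples))
```

A header with the G flag clear yields `sgt=None` rather than 0, so traffic that arrives without a tag is distinguishable from traffic explicitly tagged with group 0.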