Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
885
Views
10
Helpful
3
Replies

Broadcast control with SGTs and microsegmentation

Antonio Macia
Level 3
Level 3

‎06-30-2022 02:19 AM - edited ‎06-30-2022 02:37 AM

Hi,

 

In a Trustsec environment where devices within the same VLAN are not allowed to communicate, layer two traffic like ARP would be also blocked, right? This approach would allow us to have larger subnets without the caveats of the increase on the broadcast traffic that endpoints would have to process, is that correct?

Thanks.

0 Helpful
3 Replies 3

Mohammed al Baqari
Level 11
Level 11

‎06-30-2022 06:48 AM

Not exactly. So punted traffic toCPU won't be blocked by SGACLs. But
hardware switched traffic will be blocked by SGACLs.

**** please remember to rate useful posts

Antonio Macia
Level 3
Level 3
In response to Mohammed al Baqari

‎07-01-2022 11:33 PM

For traffic destined to the switch itself I understand it will be punted to the CPU, but from the endpoints perspective they won't receive other's ARP traffic if not allowed by the matrix, right?

0 Helpful

thomas
Cisco Employee
Cisco Employee
In response to Antonio Macia

‎07-05-2022 11:36 PM

Traffic not allowed to destination groups by the TrustSec matrix... should not be allowed (or received) by the destination endpoints.

Customers Also Viewed These Support Documents