06-10-2022 02:59 PM
Chapter 23 of the ENCOR CCNP book says:
Scalable group: A scalable group is a group of endpoints with similar policies. The SD-Access policy plane assigns every endpoint (host) to a scalable group using TrustSec SGT tags. Assignment to a scalable group can be either static per fabric edge port or using dynamic authentication through AAA or RADIUS using Cisco ISE. The same scalable group is configured on all fabric edge and border nodes. Scalable groups can be defined in Cisco DNA Center and/or Cisco ISE and are advertised through Cisco TrustSec. There is a direct one-to-one relationship between host pools and scalable groups. Therefore, the scalable groups operate within a VN by default. The fabric edge and border nodes include the SGT tag ID in each VXLAN header, which is carried across the fabric data plane. This keeps each scalable group separate and allows SGACL policy and enforcement.
This gives me the impression a scalable group is typically related to a virtual network. So it wouldn't be off to see an SD-Access network where a VN instance is defined per group?
06-10-2022 03:17 PM - edited 06-10-2022 03:18 PM
Hi
Not exactly. When it says "There is a direct one-to-one relationship between host pools and scalable groups," they are referring to this print I took from the DNAC. There's a direct relationship, but a VN must be defined the same way you define a VLAN in a legacy network.
And the SGT is defined per user group, which means User A can be on VN A but communicate with User B in VN B. Each of them will receive an SGT and be filtered or not depending on the TrustSec matrix.
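As an added example (not from the book or from this thread): a small Python model of the two separate fields the book says the fabric carries in each VXLAN header, the VNI that identifies the VN and the Group Policy ID that carries the SGT, followed by the matrix lookup the answer describes. The header layout follows the VXLAN-GPO draft (draft-smith-vxlan-group-policy); the SGT numbers, group names, matrix cells and the default-deny action are constructed assumptions for this model, not values from any real fabric.

```python
# VXLAN-GPO header (draft-smith-vxlan-group-policy), 8 bytes, as used by SD-Access:
#   byte 0 flags: G=0x80 (Group Policy ID present), I=0x08 (VNI valid)
#   byte 1 flags: A=0x08 (policy already applied upstream)
#   bytes 2-3: Group Policy ID, carrying the 16-bit SGT
#   bytes 4-6: 24-bit VNI, identifying the VN; byte 7 reserved
G_BIT, I_BIT, A_BIT = 0x80, 0x08, 0x08

# Constructed sample SGACL matrix: (source SGT, destination SGT) -> action.
# Group numbers and names are illustrative, not from any real deployment.
SGACL_MATRIX = {
    (10, 20): "permit",  # Employees -> Servers
    (30, 20): "deny",    # Guests -> Servers
}
DEFAULT_ACTION = "deny"  # assumption for this model; a real fabric has its own default rule


def build_vxlan_gpo(vni, sgt=None, applied=False):
    """Encode a VXLAN-GPO header; sgt=None leaves the G bit clear."""
    flags0 = I_BIT | (G_BIT if sgt is not None else 0)
    flags1 = A_BIT if applied else 0
    return bytes([flags0, flags1]) + (sgt or 0).to_bytes(2, "big") + vni.to_bytes(3, "big") + b"\x00"


def parse_vxlan_gpo(hdr):
    """Decode VNI and SGT; the SGT is only trusted when the G bit says it is present."""
    if len(hdr) < 8:
        raise ValueError("VXLAN header is 8 bytes")
    if not hdr[0] & I_BIT:
        raise ValueError("I bit clear: VNI field is not valid")
    sgt_present = bool(hdr[0] & G_BIT)
    return {
        "vni": int.from_bytes(hdr[4:7], "big"),
        "sgt": int.from_bytes(hdr[2:4], "big") if sgt_present else None,
        "policy_applied": bool(hdr[1] & A_BIT),
    }


def sgacl_decision(src_sgt, dst_sgt):
    """Look up the matrix cell for a source/destination SGT pair."""
    if src_sgt is None:
        return "deny"  # no trusted tag: never let an untagged frame match a named group
    return SGACL_MATRIX.get((src_sgt, dst_sgt), DEFAULT_ACTION)


def enforce(hdr, dst_sgt):
    """Egress-style enforcement: read the SGT from the header, then consult the matrix."""
    return sgacl_decision(parse_vxlan_gpo(hdr)["sgt"], dst_sgt)


if __name__ == "__main__":
    for vni, sgt in [(4097, 10), (4098, 30), (4098, None)]:  # employee, guest, untagged
        hdr = build_vxlan_gpo(vni, sgt)
        print(parse_vxlan_gpo(hdr), "-> to Servers (SGT 20):", enforce(hdr, 20))
```

The VNI and the SGT are read from independent fields, which is the point of the answer: the VN works like a VLAN, while the SGT follows the user group and is what the matrix acts on.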