SD LAN with multiple tenants

Oban3jimmy
Level 1

Hi all,

 

I'm an SD LAN newbie, so please bear with me.

I'm looking at a Cisco ACI and DNA Center deployment for an all-in SD solution.

I'm happy with what ACI will do, but I'm looking at the access layers and trying to understand how users in tenants are handled. Ideally each tenant / customer will have a .1x cert authentication, and then the result of this .1x challenge will determine which tenant they sit within.

So in effect a generic access layer is deployed to all sites. Then any customer from any tenant can plug into the access layer, they are identified by certificate, and they can then only access the resources allowed by the tenant rules?

Looking at 9000 series switching and controllers to achieve this?


3 Replies

balaji.bandi
Hall of Fame

As per my understanding, SD-Access is for the campus LAN, and it is controlled more by ISE, which plays a big role here.

If anyone plugs into a port and they are not part of your network or are unauthorized, then based on the design, ISE will decide what kind of resources will be allowed for this unknown rogue client in the network, or you can also configure it to shut down the port, and alerts can be sent.

If you are looking for each port as a tenant-based system, that should be carefully understood, and the network should be designed as per the needs.

Look at the SD-Access with Segmentation design guide:

 

https://www.cisco.com/c/dam/en/us/td/docs/solutions/CVD/Campus/CVD-Software-Defined-Access-Segmentation-Design-Guide-2018MAY.pdf

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Thank you - just so I understand at a high level: if designed properly, each switch port can dynamically represent any tenant?

So it's not important where you plug in on the switch, only the 802.1x response will determine the tenant you are assigned to?

Thanks

Yes, how you define those security tags based on the ISE.

 

BB
