Buy or Renew
Buy or Renew
Register Here! - Join us 11/13 for the "Navigating DHCP Processes in SD-Access Network" Community Live event
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
587
Views
5
Helpful
4
Replies

Blocking traffic between 2 SGT in the same VN.

Go to solution
pham duy hiep
Level 1
Level 1

‎12-12-2021 06:00 AM

Hi all.

 

I plan to design a new VN in my Fabric, wich has 2 subnets for user and server. 2 subnets will have different SGT. But I want the users can't access to the server (I know that all endpoints in the same VN can communicate with each other by default).

So how can I do it with the easiest way?

 

Thank you.

 

 

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Deepak Kumar
VIP Alumni
VIP Alumni

‎12-14-2021 02:42 AM

Login to DNAC -> choose policy -> Group-based-Access control

SGT.PNG

 

In my above LAB, you can see I have two groups (custom created) IT DATA1 and IT DATA2. You can click on the required control Box and there will a popup. You can select as "DENY" or "DENY with logs" option as your need. 

Save .. Deploy...

 

Regards,
Deepak Kumar,
Don't forget to vote and accept the solution if this comment will help you!

View solution in original post

4 Replies 4

Go to solution
Deepak Kumar
VIP Alumni
VIP Alumni

‎12-12-2021 09:33 AM

Hello,

In your policy configuration, make action Default or allow to Deny from your Group1 to Group1 or Gorup2 as you need. 

Regards,
Deepak Kumar,
Don't forget to vote and accept the solution if this comment will help you!
0 Helpful

Go to solution
pham duy hiep
Level 1
Level 1
In response to Deepak Kumar

‎12-14-2021 01:07 AM - edited ‎12-14-2021 01:08 AM

Hi DeepPak,

Thank for your response.

Now, I'm waiting for testing environment to confirm it but this exactly is what I need to do, right?

Login to DNAC -> choose policy -> create a new policy with option deny IP between 2 Scalable Groups.

deny communicatio between 2 SGT on the same VN.png

 

Thanks again.

0 Helpful

Go to solution
Deepak Kumar
VIP Alumni
VIP Alumni

‎12-14-2021 02:42 AM

Login to DNAC -> choose policy -> Group-based-Access control

SGT.PNG

 

In my above LAB, you can see I have two groups (custom created) IT DATA1 and IT DATA2. You can click on the required control Box and there will a popup. You can select as "DENY" or "DENY with logs" option as your need. 

Save .. Deploy...

 

Regards,
Deepak Kumar,
Don't forget to vote and accept the solution if this comment will help you!

Go to solution
pham duy hiep
Level 1
Level 1
In response to Deepak Kumar

‎12-14-2021 02:47 AM

Hi Deepak.

Thank you so much.

0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card