Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1307
Views
5
Helpful
1
Replies

SD-Access , how to restrict traffic inside a SG

Go to solution
norberto.padin
Level 1
Level 1

‎01-21-2019 06:17 AM

Hello everyone, does anybody know if in a SDA deployment, it is possible to deny traffic inside the same scalable group? The customer is using private VLANs today and wants the same behaivour in a SDA deployment.
Thanks in advance.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Mike.Cifelli
VIP Alumni
VIP Alumni

‎01-25-2019 10:55 PM

SDA deployment, it is possible to deny traffic inside the same scalable group?

 

Yes. You can accomplish this via your Cisco Trustsec matrix in ISE that gets deployed into your trustsec domain in SDA. You have the following options:

 

permit/deny SGT A <—>SGT A

Or you can leverage L4 SGACLs to specifically allow/deny ports between SGT A members. 

 

Hope this helps. 

 

View solution in original post

1 Reply 1

Go to solution
Mike.Cifelli
VIP Alumni
VIP Alumni

‎01-25-2019 10:55 PM

SDA deployment, it is possible to deny traffic inside the same scalable group?

 

Yes. You can accomplish this via your Cisco Trustsec matrix in ISE that gets deployed into your trustsec domain in SDA. You have the following options:

 

permit/deny SGT A <—>SGT A

Or you can leverage L4 SGACLs to specifically allow/deny ports between SGT A members. 

 

Hope this helps. 

 

Customers Also Viewed These Support Documents