cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1422
Views
5
Helpful
1
Replies

SD-Access , how to restrict traffic inside a SG

norberto.padin
Level 1
Level 1

Hello everyone, does anybody know if in a SDA deployment, it is possible to deny traffic inside the same scalable group? The customer is using private VLANs today and wants the same behaivour in a SDA deployment.
Thanks in advance.

1 Accepted Solution

Accepted Solutions

Mike.Cifelli
VIP Alumni
VIP Alumni

SDA deployment, it is possible to deny traffic inside the same scalable group?

 

Yes. You can accomplish this via your Cisco Trustsec matrix in ISE that gets deployed into your trustsec domain in SDA. You have the following options:

 

permit/deny SGT A <—>SGT A

Or you can leverage L4 SGACLs to specifically allow/deny ports between SGT A members. 

 

Hope this helps. 

 

View solution in original post

1 Reply 1

Mike.Cifelli
VIP Alumni
VIP Alumni

SDA deployment, it is possible to deny traffic inside the same scalable group?

 

Yes. You can accomplish this via your Cisco Trustsec matrix in ISE that gets deployed into your trustsec domain in SDA. You have the following options:

 

permit/deny SGT A <—>SGT A

Or you can leverage L4 SGACLs to specifically allow/deny ports between SGT A members. 

 

Hope this helps. 

 

Review Cisco Networking for a $25 gift card