
Segmentation and SGT

Hi all,

 

I have been reading this article https://www.cisco.com/c/en/us/products/collateral/security/identity-services-engine/guide-c07-656177.html - and I need someone to help explain the illustration to me: 1.7.2 "How does Segmentation works"

 

I have attached the picture. Can someone please explain the picture for me?

 
1 Accepted Solution


As per the diagram, the employee only gets App_Serv access (rest all deny).

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help


4 Replies

balaji.bandi
Hall of Fame

SGT (Security Group Tag) or (Scalable Group Tag) - this will be allocated to a user or device.

 

Based on the SGT and the matrix you see in your picture, what resource the SGT can access (it can be allow or deny).

 

That is a very good feature of ISE being an identity engine.

 

Your diagram shows the high level (it requires a bit of integration) between the Enterprise LAN and the DC environment.

 

BB


Thanks for responding! But, does this mean that because employee has TAG nr 5 - he can't access the production and application servers, because they have a different tag (7 and 8)? Or does it mean that employee can access the appl server because he has Permit all, and cannot access prod_serv because he has deny_all?

As per the diagram, the employee only gets App_Serv access (rest all deny).

 

BB


Thanks for responding! But, does this mean that because employee has TAG nr 5 - he can't access the production and application servers, because they have a different tag? Or does it mean that he can access the appl server because he has Permit all, and cannot access prod_serv because he has deny_all?