11-10-2021 04:52 AM
Hi all,
I have been reading this article https://www.cisco.com/c/en/us/products/collateral/security/identity-services-engine/guide-c07-656177.html - and I need someone to help explain the illustration to me: 1.7.2 "How does Segmentation works"
I have attached the picture. Can someone please explain the picture for me?
11-10-2021 05:03 AM
SGT (Security Group Tag) or (Scalable Group Tag) - this will be allocated to a user or device.
The SGT and the matrix you see in your picture determine what resources the SGT can access (it can be allow or deny).
That is a very good feature of ISE being an identity engine.
Your diagram shows a high-level view (it requires a bit of integration) between the Enterprise LAN and DC environment.
11-10-2021 05:18 AM
Thanks for responding! But, does this mean that because the employee has TAG nr 5 - he can't access the production and application servers, because they have a different tag (7 and 8)? Or does it mean that the employee can access the appl server because he has Permit all, and cannot access prod_serv because he has deny_all?
11-10-2021 05:28 AM
As per the diagram, the employee only gets App_Serv access (rest all deny).
11-10-2021 05:10 AM - edited 11-10-2021 05:12 AM
Thanks for responding! But, does this mean that because the employee has TAG nr 5 - he can't access the production and application servers, because they have a different tag? Or does it mean that he can access the appl server because he has Permit all, and cannot access prod_serv because he has deny_all?