Buy or Renew
Buy or Renew
Register Here! - Join us 11/13 for the "Navigating DHCP Processes in SD-Access Network" Community Live event
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1558
Views
5
Helpful
4
Replies

Segmentation and SGT

Go to solution
jakobhoeghmikkelsen
Level 1
Level 1

‎11-10-2021 04:52 AM

Hi all,

 

I have been reading this article https://www.cisco.com/c/en/us/products/collateral/security/identity-services-engine/guide-c07-656177.html - and I need help for someone to explain me the illustrion.: 1.7.2 "How does Segmentation works"

 

I have attached the picture. Can someone please exlain the picture for me? 

 
Labels:
Preview file
810 KB
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame
In response to balaji.bandi

‎11-10-2021 05:28 AM

as per the diagram employee only get App_Serv access ( rest all deny)

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

View solution in original post

0 Helpful
4 Replies 4

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame

‎11-10-2021 05:03 AM

SGT Security Group Tag) or (Scalable Group Tag) - this will be allocated to user or device.

 

Based on the SGT and matrix you see on your picture, what resource the SGT can access (it can be allow or deny)

 

That is very good feature of ISE being a identity engine.

 

Your diagram show high level  (it required bit integration) between Enterprise Lan and DC environment.)

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Go to solution
jakobhoeghmikkelsen
Level 1
Level 1
In response to balaji.bandi

‎11-10-2021 05:18 AM

Thanks for responding! But, does this mean that because employee has TAG nr 5 - he can't access the production and application serveres, because they have a different tag (7 and 8)? Or does it mean that employee can access the appl server because he has Permit all, and cannot acces prod_serv becaue he has deny_all? 

0 Helpful

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame
In response to balaji.bandi

‎11-10-2021 05:28 AM

as per the diagram employee only get App_Serv access ( rest all deny)

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Go to solution
jakobhoeghmikkelsen
Level 1
Level 1

‎11-10-2021 05:10 AM - edited ‎11-10-2021 05:12 AM

Thanks for responding! But, does this mean that because employee has TAG nr 5 - he can't access the production and application serveres, because they have a different tag? Or does it mean that he can access the appl server because he has Permit all, and cannot acces prod_serv becaue he has deny_all? 

0 Helpful
Customers Also Viewed These Support Documents