Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
487
Views
10
Helpful
4
Replies

SGT to block access between IP pools in same VN

techno.it
Level 1
Level 1

‎12-14-2021 02:55 PM

Hi Folks


I have a VN in fabric which got two IP pools

and I want block the communication between them using SGT. 
Users get authenticated to network with 802.1x using MAB and machine authentication.

However, I don't want to make user groups on ISE but do SGT subnet mappings

 

I want to give a tags to the subnet so once user connect to network, it cannot with other VLANs in same VRF

 

How this use case can be achieved?

 

 

 

Labels:
0 Helpful
4 Replies 4

M@rco
Level 1
Level 1

‎12-14-2021 11:48 PM

Hello techno,

 

you can select a default SGT per IP Pool within the host-onboarding configuration. If ISE doesn´t reply with another SGT, SDA will use this default SGT per IP Pool.

 

0 Helpful

techno.it
Level 1
Level 1
In response to M@rco

‎12-18-2021 03:27 AM

M@rco 

 

Could you share any configuration guide that might be helpful?

0 Helpful

M@rco
Level 1
Level 1
In response to techno.it

‎01-28-2022 03:03 AM

you still need some?

0 Helpful

Mike.Cifelli
VIP Alumni
VIP Alumni

‎01-16-2022 11:32 AM

Take a peek here as there are a ton of valuable resources shared: https://community.cisco.com/t5/networking-documents/cisco-sd-access-fabric-resources/ta-p/4196271

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents