
Multi-tenancy in SD-Access

Madura Malwatte
Level 4

What's the correct way to do multi-tenancy in SD-Access? I haven't been able to find anything about it. Is it just using separate VNs? But that doesn't seem like real multi-tenancy, as a single organisation/tenant could have multiple VNs for their macro-segmentation...

5 Replies

Scott Hodgdon
Cisco Employee

Madura,

Can you please describe in a little more detail the use case you wish for multi-tenancy? This term can mean different things to different people, so I want to be clear on your ask before providing an answer.

Cheers,
Scott Hodgdon

Senior Technical Marketing Engineer

Enterprise Networking and Cloud Group

Hi @Scott Hodgdon 

Say, completely separate organisations that will utilize a single common campus fabric, along with a common NAC. It seems this would be just assigning a VN to each organisation (tenant1_VN, tenant2_VN, etc.), then using SGTs for micro-segmentation within a tenant VN? Or are there other ways to do it?

Hey Madura, correct, currently we have L3VNs. Network tenants could be placed in L3VNs and I have worked on SD-Access networks designed as such, one with around 90x L3VNs representing different business entities. We're developing L2VNs and some level of support for overlapping IP ranges, which was announced at Cisco Live a few months back. Some details can be found in BRKENS-2008, and some information can be found here: https://www.ciscolive.com/global/on-demand-library.html?search=dolphin#/session/16106298294090015TSm

HTH, Jerome

 

Hi Scott

Yeah, this term is a little bit confusing.

Could I have multiple tenants using the same fabric?

Which means different organizations log in to DNA to manage their own logical fabric?

For example, we build a physical campus network, then create different tenants to manage their own logical fabric over the same physical network devices.

Or is it only just VNs to configure these multiple tenants?

Scott Hodgdon
Cisco Employee

@Madura Malwatte, we do not support that level of granularity of Role-Based Access Control with DNA Center at this time. If a fabric site has many tenants separated by L2 or L3 VNs, then we cannot limit someone from seeing the other VNs (or other site constructs) in that site. Currently we cannot even do that on a per-site basis, but that is being worked on.

Cheers,
Scott Hodgdon

Senior Technical Marketing Engineer

Enterprise Networking and Cloud Group