If you have an IP-ACL on an SVI Interface today. How can I implement it into a SD-Access Fabric?
I'm not meaning a micro segmentation. Just for example deny any icmp traffic for a specific device.
No Firewall in front of the site. Do DACL does the job for me and are they supported?
Solved! Go to Solution.
it will be enforced on the vlan as we push the following config as part of fabric
cts role-based enforcement
cts role-based enforcement vlan-list
The best place to deploy is on Border or Fusion.