
SD-Access, how to restrict traffic inside a SG

Hello everyone, does anybody know if, in an SDA deployment, it is possible to deny traffic inside the same scalable group? The customer is using private VLANs today and wants the same behaviour in an SDA deployment.
Thanks in advance.

Accepted Solutions
Re: SD-Access, how to restrict traffic inside a SG

SDA deployment, it is possible to deny traffic inside the same scalable group?

Yes. You can accomplish this via your Cisco TrustSec matrix in ISE that gets deployed into your TrustSec domain in SDA. You have the following options:

permit/deny SGT A <—>SGT A

Or you can leverage L4 SGACLs to specifically allow/deny ports between SGT A members.

 

Hope this helps. 
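
The two options in the reply above, written out in static IOS XE CLI form as an added example that is not part of the original post. The SGT value 10 (standing in for "SGT A"), the SGACL names and TCP port 443 are constructed; in SDA the same matrix cell is defined centrally in ISE and deployed to the fabric, so the CLI form only makes the cell concrete.

```cisco
! Added illustration: SGT 10 = "SGT A"; names and port are constructed values.

! Option 1: source SGT A -> destination SGT A = deny
! (isolates members of the group from each other, similar to private VLANs)
ip access-list role-based INTRA_SGT_A_DENY
 deny ip
!
cts role-based permissions from 10 to 10 INTRA_SGT_A_DENY

! Option 2 (alternative to option 1): L4 SGACL on the same cell,
! allowing one service between SGT A members and dropping the rest
ip access-list role-based INTRA_SGT_A_HTTPS_ONLY
 permit tcp dst eq 443
 deny ip
!
cts role-based permissions from 10 to 10 INTRA_SGT_A_HTTPS_ONLY

! Verification on the enforcing switch (exec mode):
! confirm the policy bound to the 10 -> 10 cell, then watch its hit counters
show cts role-based permissions from 10 to 10
show cts role-based counters from 10 to 10
```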

 
