Heads Up :
The post you are writing will appear in a public forum. Please ensure all content is appropriate for public consumption. Review the employee guidelines for the community here.
I have two questions that I would appreciate some help with...Firstly, has anyone implemented enforcement of north-south micro segmentation policy, particularly on-prem client-server apps? If so, please share any details you can. Our deployments have...
I think I understand most of it now but there are still some questions that I am struggling to answer:
1.) If WMM certification is the 802.11e amendments around QoS, then why does the Cisco 8.6 install guide state, "This UP is used to derive the ov...
My understanding is that IPS and CX cannot be combined. And that Cisco will add IPS functionality into the CX in the future.In the meantime, I wonder what forum members think of the basic IPS functionality in the ASA, namely the 'ip audit' commands. ...
I'm not sure how to spec an appropriate switch based on it's CPU performance when performing QoS duties.The switch must police ingress traffic on a single interface, based upon the destination IP subnet. Normally, I'd spec a router and that would be ...
I've deliberately not posted this under the wireless section, as I want to try and understand more about Meraki in relation to the campus LAN. Does anyone have any Meraki experience, particularly around their switches and firewalls?I'm trying to unde...
It's a good video, especially the guy covering micro segmentation. They began several years ago and I don't think GBPA was available back then. They used something called Knet which appears to be a TAC tool for which there's very little info on the C...
The design guides are pretty good but looking for real-world experience to be honest.The issue is that most customers are not confident to write a security policy around north-south access control - they don't feel they can accurately document what's...
Hi BB,Thanks for responding.It was more of a general query to be honest, but if it helps to have an example then what about a hospital since they still have plenty of on-prem client-server apps.
Not 100% sure what you're asking so I've covered a few angles.Yes, you can place all your corporate endpoints into a single VN and leverage micro segmentation. Better to minimise the number of VNs anyway although a single VN won't work for everyone. ...
Is this for a lab or production network? If the latter, then a Cisco firewall makes more sense than fusion router, cost permitting. Better to punt inter-VRF traffic up to the firewalls, thereby properly securing the networks from one another, which i...
