About faylee

faylee · 04-26-2021

Create your new custom Active Directory attribute (refer to Microsoft documentation for further detail). For this example, I created a new AD attribute called "SGT".Set the value for your custom attribute. For this example, I set SGT="Docs"On ISE, ...

faylee · 02-02-2021

Overview Securing the network by ensuring the right users, the right access, to the right set of resources is the core function of Cisco’s Identity Services Engine (ISE). ISE builds context about users (Who), device type (What), access time (When),...

faylee · 09-30-2020

IntroductionEndpoint Meta Data SourcesSoftware Defined Application Visibility and Control (SDAVC)Rule ManagementISE Parity Introduction Cisco AI Endpoint Analytics (EA) has 3 primary responsibilities. 1. EA aggregates meta data from various sour...

faylee · 09-24-2020

(Pdf copy at the bottom) Overview SD-Access Segmentation Segmentation within SD-Access is enabled through the combined use of both Virtual Networks (VN), which are analogous to VRFs, and Cisco Scalable Group Tags (SGTs). VNs, like VRFs, provide comp...

faylee · 09-18-2020

The goal of this guide is to illustrate the main concepts of TrustSec which are: Classification: Classifying endpoints and servers with a Scalable Group Tag (SGT) Propagation: Communicating SGT information through the network Enforcement: Enforci...

faylee · 07-10-2020

Hi Greg, Err, ISE 2.7 UI should not be showing the ACI 3.2 option. What build of 2.7 do you have? Kafka is only supported with data plane integration which is not yet available. For policy plane integration, you need only to import the APIC certifi...

faylee · 06-11-2020

Hi Benjamin,Yes, the behavior that you’re observing is correct behavior for a SDA environment.The precedence information that you’re referring from Cisco Live to applies to non-fabric.HTH,Fay-Ann

faylee · 02-05-2020

Hello, No there is no issue with connecting these devices to a CP/B node. HTH, Fay-Ann

faylee · 11-08-2019

Not exactly sure what you mean by "transparent". In general, authentication (via AD or any other identity source) is separate from policy. You can however based SGT assignment based on which AD group the user is a member of. HTH, Fay-Ann

faylee · 10-17-2019

Hi Dominic, We need to get the data sheet corrected. Multi-ISE to single DNAC is not yet supported. Apologies for the confusion, Fay-Ann

Member Since	‎10-21-2011 11:18 AM
Date Last Visited	‎11-18-2022 03:29 AM
Posts	34
Total Helpful Votes Received	198

User Statistics

User Activity

Using Active Directory/LDAP for External SGT Assignment with Cisco ISE

ISE and Duo

Profiling and Rule Management in Cisco AI Endpoint Analytics

Allowed List Policy Considerations for SD-Access

Group Based Policy Fundamentals

Re: TrustSec-ACI Policy Plane integration using Kafka method

Re: CTS Border Enforcement Inline Tagging/SXP

Re: Legacy switches interaction with border node

Re: MS AD Multi-domain integration with SDA fabric

Re: Multiple ISE clusters in Cisco DNA-C