About faylee

faylee · 09-27-2024

With this integration, we are easing our customers’ ability to secure their internet bound traffic with visibility beyond just basic IP addresses. In a Catalyst SD-WAN branch, people and things are grouped using VPNs aka VRFs. We are now able ...

faylee · 04-26-2021

Create your new custom Active Directory attribute (refer to Microsoft documentation for further detail). For this example, I created a new AD attribute called "SGT".Set the value for your custom attribute. For this example, I set SGT="Docs"On ISE, ...

faylee · 02-02-2021

Overview Securing the network by ensuring the right users, the right access, to the right set of resources is the core function of Cisco’s Identity Services Engine (ISE). ISE builds context about users (Who), device type (What), access time (When),...

faylee · 09-30-2020

IntroductionEndpoint Meta Data SourcesSoftware Defined Application Visibility and Control (SDAVC)Rule ManagementISE Parity Introduction Cisco AI Endpoint Analytics (EA) has 3 primary responsibilities. 1. EA aggregates meta data from various sour...

faylee · 09-24-2020

(Pdf copy at the bottom) Overview SD-Access Segmentation Segmentation within SD-Access is enabled through the combined use of both Virtual Networks (VN), which are analogous to VRFs, and Cisco Scalable Group Tags (SGTs). VNs, like VRFs, provide comp...

faylee · 07-10-2020

Hi Greg, Err, ISE 2.7 UI should not be showing the ACI 3.2 option. What build of 2.7 do you have? Kafka is only supported with data plane integration which is not yet available. For policy plane integration, you need only to import the APIC certifi...

faylee · 06-11-2020

Hi Benjamin,Yes, the behavior that you’re observing is correct behavior for a SDA environment.The precedence information that you’re referring from Cisco Live to applies to non-fabric.HTH,Fay-Ann

faylee · 02-05-2020

Hello, No there is no issue with connecting these devices to a CP/B node. HTH, Fay-Ann

faylee · 11-08-2019

Not exactly sure what you mean by "transparent". In general, authentication (via AD or any other identity source) is separate from policy. You can however based SGT assignment based on which AD group the user is a member of. HTH, Fay-Ann

faylee · 10-17-2019

Hi Dominic, We need to get the data sheet corrected. Multi-ISE to single DNAC is not yet supported. Apologies for the confusion, Fay-Ann

Member Since	‎10-21-2011 11:18 AM
Date Last Visited	‎05-18-2026 02:32 PM
Posts	25
Total Helpful Votes Received	204

User Statistics

User Activity

Context Sharing (VPNid/SGT) for Catalyst SD-WAN & VPNaaS

Using Active Directory/LDAP for External SGT Assignment with Cisco ISE

ISE and Duo

Profiling and Rule Management in Cisco AI Endpoint Analytics

Allowed List Policy Considerations for SD-Access

Re: TrustSec-ACI Policy Plane integration using Kafka method

Re: CTS Border Enforcement Inline Tagging/SXP

Re: Legacy switches interaction with border node

Re: MS AD Multi-domain integration with SDA fabric

Re: Multiple ISE clusters in Cisco DNA-C