Use-case: Endpoint in one VN needing group-based policy enforcement to an endpoint in another VN within a FIAB platform, e.g. Users permitted/denied to access IOT Devices
Condition1: Single platform FIAB
Condition2: Fusion not supporting Group-Based...
Jonothan Eaves. Input and review by Darrin Miller. October 2022
Introduction
About Group-Based Policy (GBP)
About Security Group Tag Exchange Protocol (SXP)
About This Guide
What is covered in this document?
What is not covered in this document?
DefineDes...
Segmentation Strategy - An ISE Prescriptive Guide
Introduction
Integration
AI Endpoint Analytics Profile Labels
AI Endpoint Analytics Attributes shown in ISE
AI Endpoint Analytics Attributes used in ISE Custom Profiler Policies
ISE Profiler Policies used in ISE Authorization Rules
Recap and Summary
Jonothan Eaves
See here for the policy extended node guide: https://www.cisco.com/c/en/us/td/docs/cloud-systems-management/network-automation-and-management/dna-center/2-3-7/user_guide/b_cisco_dna_center_ug_2_3_7/b_cisco_dna_center_ug_2_3_7_chapter_01110.html#id_97...
This is possible but only if you enable inline tagging between the 4 x 9300s. Use SXP from 1/4 of the 2960s to 9300-1, the next 1/4 to 9300-2 etc. That way each 9300 will have mappings for each of its 2960s. With inline tagging enabled between th...
Yes, you're switching within VLAN X. Your endpoints are receiving (or have) an IP address from a subnet range, say 10.10.1.0/24 for example. If you're purely switching then the default gateway for VLAN X will be on a platform north-bound somewhere, t...
The initial part of your paragraph above is discussing adding Subnet or IP:SGT mappings in ISE and deploying them using SSH to log into the NAD(s) and deploy the mappings. So, this was using SSH rather than SXP. This is statically configuring the cla...
Perhaps give my whitepaper a read and come back if there are further questions: https://community.cisco.com/t5/security-knowledge-base/segmentation-strategy/ta-p/3757424

A viewable IP:SGT mapping is control-plane context. You can add static mappings i...