Cisco TME Jonathan Eaves is back to share more about how to do group-based segmentation policy with ISE.
00:00 Intro
00:18 Prerequisite: Group-Based Segmentation Basics: • Group Based Segmentati...
01:57 Agenda
03:10 Dynamic & Static Classification Methods
07:10 Cisco TrustSec (CTS) Provisioning and Network Device Enrollment
11:12 Unknown Security Group Tag (SGT) 0
13:41 `policy static sgt n trusted`
16:17 Order of Precedence: CMD, dynamic SGT, SXP, static SGT, static subnet, static VLAN
19:39 SGT Environment Data Downloads
21:10 Default Route SGT
22:56 Propagation
23:05 Static Mappings on ISE (SSH & SXP)
25:23 ISE SXP Domains
29:30 Monitor Capture Commands (Cat9K)
31:45 SXP Reflection (speakers and listeners)
34:20 SXP High Availability
37:56 SXP Filters
40:29 SXPv5 Introduction
41:47 SXPv5 Example
44:13 Enforcement
44:18 Monitor Mode
45:47 Logging
46:48 Enforcement Counters
48:04 Cisco 9800 WLC with SGTs Validation
49:28 Resources:
Catalyst Wireless Group-Based Policy Guide: www.cisco.com/...
Cisco Segmentation Strategy Guide: community.cisc...
Group-Based SGT Troubleshooting Guide: community.cisc...
Group-Based SGT RU-vid Channel: / @ciscogroup-basedpolic...
Group-Based Policy Resources: community.cisc...
ISE Resources : cs.co/ise-reso...
ISE Community : cs.co/ise-comm...
ISE Integration Guides : cs.co/ise-guides
ISE Compatibility : cs.co/ise-comp...
ISE Webinars : cs.co/ise-webi...
ISE RU-vid Channel : cs.co/ise-videos
ISE Licensing & Evaluations : cs.co/ise-lice...
ISE in Cisco DevNet: cs.co/ise-devnet
ISE API Reference: cs.co/ise-api
14 окт 2024