Cisco Group Based Policy Platform and Capability Matrix Release 6.4
Group Based Policy Platform and Capability Matrix Release 6.4 (inclusive of TrustSec Software-Defined Segmentation)

Group Based Policy (also known as TrustSec Software-Defined Segmentation) uniquely builds upon your existing identity-aware infrastructure by enforcing segmentation and access control policies in a scalable manner using the capabilities detailed below. This document summarizes the platforms and that are validated in the Group Based Policy testing. It is in current with the validation program for Release 6.4.

Table 1 provides cross-platform group-based policy exchange interoperability testing results. Application Centric Infrastructure (ACI) and Group Based Policy integration enables customers to apply consistent security policy across the enterprise, leveraging user roles and device type together with application context. The validated Open Source Open Daylight SDN use case included Nexus 7k SXPv3, ASA SXPv3, and OpenDaylight SXPv4 (Nitrogen and earlier releases) working together in the Data Center.

Table 1. TrustSec Group-Based Policy (GBP) Interoperability

Platform Solution-Level Group Information Exchange Interoperability Platform & Propagation method Nexus 9000 Switches Application Policy Infrastructure Data Center Open Daylight SDN controller 9000 : Spine & Leaf APIC-DC ODL SDN NX-OS 11.3(2f) APIC-DC 2.3 Data Plane APIC-DC 1.3(1g) Policy plane; Lithium, Beryllium, Carbon EndPoint Group Mappings via TrustSec-ACI policy and data plane exchange via SXP v4 ISE 2.1, 2.2- ACI API ISE 2.1- SXP v4 Nexus SXP v3 ASA SXP v3 Open Daylight SDN controller ODL SDN Nitrogen IPv4, IPv6 SXP Peering ISE 2.4 ASR 1001-X IOS XE b CSR 1000v IOS XE Cat 6500 IOS 15.4(1)SY2 Cat 3850 IOS 3.6.8E

In Tables 2 and 3, Platform Support Matrix, Dynamic classification includes IEEE 802.1X, MAC Authentication Bypass (MAB), Web Authentication (Web Auth), and Easy Connect. IP to, VLAN to, subnet to, port profile to, L2IF to, and L3IF to use the static classification method.
DNA Premier is a simple and economical solution for deploying branch and campus switches and wireless access points. It offers an uncompromised user experience in a highly secure and feature-rich access infrastructure and simplifies the licensing requirements for Group Based Policy deployment. DNA Advantage Network Advantage hardware licenses and/or its affiliates. All rights reserved. This document is Public Information. Page 1 of 11
Solution-level validated versions listed in the tables below may not always represent the latest available platform version and feature set. Releases may encounter issues in other subsystems and be deferred. For latest platform firmware version and feature set, refer to product release notes.

As an aid to deployment, products are grouped into Tier I, II, and III with regard to feedback on design and deployment. Tier I products have full Group Based Policy functionality with few caveats, and they are common components in successful deployments. Tier II products have full Group Based Policy functionality but there are some caveats involved in their deployment. Tier III do not have full Group Based Policy functionality and and SXP based Propagation only. These products tend to be older with a less rich feature set and more caveats to consider when deploying. Security products are not listed in a tier. End of Sale Products are listed in Table 3. is ed on several platforms but not all are listed in the matrix pending review of solution test verification.

Table 2. Group Based Policy Platform Support Matrix

Plus LAN K9 - IOS, VLAN to, Subnet to C LAN K9 - IOS, VLAN to, Subnet to CX LAN K9 - IOS 15.2(3)E, VLAN to, Subnet to X LAN K9 IOS 15.2(2)E IOS, VLAN to, Subnet to XR IP Lite K9 IOS 15.2(2)E IOS, VLAN to, Subnet to and 3850 ONE IOS XE 3.7.4E 3.6.8E 3.6.6E IOS XE 3.6.4E (v4,v6), VLAN to, Port to, Subnet to, L3IF to, over ; over MACsec ( ) (3.6.6E) Netflow 3650 and 3850 ONE & above IOS XE Denali IOS XE Denali (v4,v6), VLAN to, Port to, Subnet to, L3IF to, over ; over MACsec; over, XS ONE IOS XE IOS XE 3.7.4, VLAN to, Port to, Subnet to, L3IF to, over te5 ; over MACsec
CX IOS 15.2(3)E IOS 15.2(4)E (v4, v6), VLAN to, Subnet to, te C/CG IOS 15.0(1)SE2 IOS 15.2(2)E, VLAN to, Subnet to, E- Engine 8-E and 8L-E ONE IOS XE 3.7.1E IOS XE 3.6.0E 3.8.0E- (v4, v6), VLAN to, Port to, Subnet to (Src & Dst), L3IF to te12, over ; over MACsec (See note 2 for ed line cards) Netflow X ONE IOS XE 3.6.3E IOS XE 3.5.1E 3.8.0Elogging (v4,v6), VLAN to, Port to, Subnet to (Src & Dst), L3IF to te12, over ; over MACsec E- Engine 7-E and 7L-E ONE IOS XE 3.7.1E IOS XE 3.5.1E, VLAN to, Subnet to, L3IF to, Port to te12, over ; over MACsec (See note 2 for ed line cards) [3.8.0E] Netflow 4500 E- Engine 6-E and 6L-E; IOS 15.1(1)SG IOS 15.1(1)SG te12, Engine 2T & 6T 6807-XL 2T: IP K9 6T: IP K9 IOS 15.4(1)SY2 15.2(1)SY (1)SY0a Sup 6T IOS 15.4(1)SY1 IOS 15.2(1)SY0a Sup 6T IOS 15.4(1)SY1 (v4, v6), VLAN to, Port to, Subnet to (v4,v6), L3IF-to- (v4,v6), over & over MACsec ed on: WS-X69xx modules, C P10G/G- XL, C P10G/G- XL, C6800-8P10G/G-XL; over (IPv4, IPv6),, Caching Netflow 6880-X, 6840-X (incl 6816-X-LE), and 6800ia ONE IOS 15.2(2)SY2, 15.2(1)SY0a, 15.2(3a)E IOS 15.2(1)SY0a (v4, v6), VLAN to, Port to, Subnet to (v4,v6), L3IF-to- (v4,v6), over ; over MACsec (IPv4, IPv6),, Caching Netflow 6500 Engine 32 and 720 IOS 12.2(33)SXJ2 IOS 15.1(2)SY1,
Network Advantage IOS XE Everest SMU IOS XE Everest SMU (te 10) Dynamic, IP to, VLAN to, Port to, Subnet to, L3IF to, over over, _ Netflow Engine-1 & -1XL Network Advantage IOS XE , IOS XE Everest SMU (te 10) , VLAN to, Port to, Subnet to, L3IF to, over over, _ Caching Netflow Network Advantage IOS XE Everest SMU IOS XE Everest SMU (te 10), VLAN to, Port to, Subnet to, L3IF to, over over te13 _ Caching Netflow Connected Grid CGR IOS 15.5(2)T IOS 15.4(1)T Dynamic, IP to, VLAN to, over over IPsec VPN CGS 2500 Connected Grid Switch - IOS 15.2(3)EA IOS 15.0(2)EK1, VLAN to, Port to, Subnet to, Industrial Switches IE 2000 & 2000U IE 3000 LAN IOS 15.2(3)EA IE2000U: IOS 15.2(3)E3 IOS 15.2(1)EY IE2000U: IOS 15.2(3)E3, VLAN to, Subnet to, IE 4000 LAN ; IP for oe & IOS 15.2(4)EA, 15.2(5)E IOS 15.2(5)E, VLAN to, Subnet to te11 over te16 IE 5000 LAN ; IP for oe & IOS 15.2(2)EB1, 15.2(5)E IOS 15.2(5)E1, VLAN to, Subnet to te11 over on1g & 10G interfaces only te16 Access Points 1700, 2700, 3700, AP (Wave 1) - AireOS AireOS Dynamic, te6 over te6 1815, 1830, 1850, 2800, 3800 AP (Wave 2) - AireOS AireOS Dynamic, te6 over te
AireOS AireOS Dynamic v2 over AireOS AireOS Dynamic v2 over 3504 vwlc - AireOS - AireOS AireOS AireOS Dynamic v2 over (Centralized mode) Supports AP in Centralized and Flex Connect mode) Dynamic v2 Supports APs in Flex mode only 5500 (5508,5520) 2500 (2504) - AireOS , 30.0 AireOS 30.0 Dynamic V (8540,8510) - AireOS (pre 8.4) AireOS 8.1 Dynamic V2 Nexus 7000 Nexus 7000 with M3- modules License NX-OS 6.1 and NX-OS 8.1(2), 8.1(1), 8.0(1) (0)D1(1) [logging, monitor mode], 7.2(0)D1(1) NX-OS 8.0(1) IP to 1, Port Profile to, VLAN to 2, Port to 2 Subnet to 5 te14, over 5 ; over MACsec; over 5 : F3 interoperability M3 no propagatesgt l2 control command & logging Nexus 7000 with M2- modules License NX-OS 6.1 and NX-OS 8.1(1), 8.0(1) 7.3(0)D1(1) [ & limited logging], 7.2(0)D1(1) NX-OS 8.0(1) IP to 1, Port Profile to, VLAN to 2, Port to 2 Subnet to 5 te14 1 :FabricPath 6.2(10) or, over 5 ; over MACsec 5 : M2 cannot link to F3 module. & limited logging 2 VPC/VPC+ 7.2(0)D1(1) or 5 Subnet to 7.3(0)D1(1) or
Platform License Solution-Level Nexus 7000 Nexus 7700 F- te4 modules F3 modules do not tagging with other products unless these products the tagging exemption feature for Layer 2 protocols. M3 series this by enabling no propagate-sgt l2-control command. License NX-OS 6.1 and NX-OS 8.1(1), 8.0(1) 7.3(0)D1(1), 7.2(0)D1(1) NX-OS 8.0(1) IP to 1, Port Profile to, VLAN to 2, Port to 2 Subnet to 5 te14 1 :FabricPath 6.2(10) or 2 VPC/VPC+ 7.2(0)D1(1) or 5 Subnet to 7.3(0)D1(1) or, over 35 ; over MACsec 4 3 : F3 interfaces (L2 or L3) require 802.1Q or FabricPath 4 : F2e (Copper) all ports; F2e (SFP) & F3 (10G)- last 8 ports; All others- no 5 : t ed between F3 and either M2 or F2e Nexus 5000, 6000 Nexus 6000/5600 Nexus 5548P, 5548UP, and 5596UP - NX-OS 7.1(0)N1(1a) - NX-OS 7.0(5)N1(1) NX-OS 7.0(1)N1(1) NX-OS 6.0(2)N2(6) Port to Port to V1 V1 1 1 : FabricPath over over te16 te16 Nexus 1000 Nexus 1000V for VMware vsphere Advanced license for oe/ NX-OS 5.2(1)S(3.1) [] 5.2(1)S(1.3) NX-OS Dynamic (802.1x) 5.2(1)S (1.1) te15, IP to, Port Profile to, v4 v1 (prior to 5.2(1)S(3.1) over te9 Nexus 1000VE Virtual Edge Advanced license for NX-OS 5.2(1)SV5(1.1) NX-OS Port Profile to 5.2(1)SV5(1.1), IP to, v4 Integrated (ISR) 4000 ISR 4431, 4451-X, 4321, 4331, 4351 IP /K9 propagate, ; for SG FW enforcement IOS XE Denali , Everest IOS XE Denali IP to, Subnet to, L3IF to, over, over, or IPsec VPN & based Caching based ISRv IP /K9 propagate, IOS XE Denali IOS XE Denali IP to, Subnet to, L3IF to, over, over IPsec VPN, & 890, 1900, 2900, 3900 IP /K9 for SG FW enforcement 890: IOS 15.4(1)T1 IOS 15.4(3)M 1900/2900/390 0: IOS 15.5(1)20T IOS 15.4(3)M 890: IOS 15.4(3)M 1900/2900/39 00: IOS 15.6(1)T IP to, Subnet to, L3IF to, over (no on ISR G2-800 ), over, or IPsec VPN (890: services) based Caching based
Integrated (ISR) 4000 (ISR 4451-X validated) IP /K9 for SG FW enforcement IOS XE S IOS XE S IP to, Subnet to, L3IF to, over, over, or IPsec VPN based Caching based Netflow SM-X Layer 2/3 EtherSwitch Module IP /K9 IOS T IOS 15.2(2)E, VLAN to, over ; over MACsec Cloud CSR 1000V IP /K9 propagate, ; IOS XE Denali , Everest IOS XE Denali IP to, Subnet to, L3IF to, over, over IPsec VPN, & Cloud 1000V (CSR) IP /K9 for enforcement IOS XE S IOS XE S IP to, Subnet to, L3IF to, over, over IPsec VPN, based Caching Netflow Aggregation (ASR) ASR 1004, 1006, 1013, 1001-X, X,1002-HX, 1006-X, and 1009-X IP /K9 propagate, ; for SGFW enforcement IOS XE b Denali , Everest IOS XE Denali IP to, Subnet to, L3IF to, over, over, or IPsec VPN & based Caching based ASR 1000 Processor 1 or 2 (RP1, RP2); ASR 1001, 1002,1004, 1006 and 1013 with ESP (10,20, 40, 100, 200) and SIP (10/40) IP /K9 for enforcement IOS XE S IOS S IP to, Subnet to, L3IF to, over, over IPsec VPN, or based (1000 RP2) based Caching Netflow ASR X and 1002-X IP /K9 for enforcement IOS XE S IOS XE S IP to, Subnet to, L3IF to, over, over IPsec VPN, based based Caching Netflow Identity Engine ISE 3515, 3595, 3415, and 3495 Appliance & VMware Plus for pxgrid ISE 2.4, 2.3P1, 2.2, 2.1, 2.0, 1.4 ISE 2.2, Subnet to, pxgrid
Adaptive Security Appliance ASA ASA 9.0.1, ASDM ASA 9.0.1, ASDM 7.1.6, v2 ASA 5506-X, 5506H-X, 5506W-X, 5508-X, X - ASA ASA, over based ASA 5525-X, 5545-X, 5555-X with FirePower - ASA ASA, over based ASAv - ASA ADSM ASA ASDM, over based NGFW 2100 Threat Defense pxgrid over (src s only) based FP 4100 FP FXOS ASA FXOS ASA 9.6.1, over based Threat Threat Defense Defense 4100 & pxgrid over (src s only) based FTDv Threat & Apps (TA) pxgrid over (src s only) based Industrial Security Appliance ISA ASA ASA 9.6.1, over based
Table 3. End of Sale Group Based Policy Platform Support Matrix

( ) EOS LAN S and 2960-SF K9 IOS 15.0(2)SE te1 15.2(2)E IOS, VLAN to, Subnet to te E and 3750-E IOS 15.0(2)SE5 IOS 15.0(2)SE5 Dynamic, IP to, VLAN to, V X and 3750-X IOS IOS 15.2(2)E1 (prefix must be 32), VLAN to, Port to (only on switch to switch links) over ; over MACsec (with C3KX-SM- 10G uplink); over te16 (maximum of 8 VLANs on a VLAN-trunk link) IOS 15.1(1)SG IOS 15.1(1)SG, Nexus 7000 Nexus 7000 F2- *** modules License NX-OS 6.1 and NX-OS 7.3(0)D1(1), 7.2(0)D1(1) NX-OS 7.3(0)D1(1) IP to 1, Port Profile to, VLAN to 2, Port to 2 Subnet to 5 1 :FabricPath 6.2(10) or, over ; over MACsec 4 4 : M & F2e (Copper-) all ports; F2e (SFP) - last 8 ports; All others- no 2 VPC/VPC+ 7.2(0)D1(1) or 5 Subnet to 7.3(0)D1(1) or 5760 IOS XE 3.7.1E IOS XE 3.3.1SE, VLAN to, Port to, Subnet to, over Module 2 (WiSM2) - AireOS , 30.0 AireOS 30.0 Dynamic V2 Flex AireOS , 30.0 AireOS 8.3 Dynamic V
EoS Aggregation (ASR) ASR 1001, 1002 IP /K9 for enforcement IOS XE S IOS S IP to, Subnet to, L3IF to, over, over IPsec VPN, or based (1000 RP2) based Caching Netflow Identity Engine ISE 3315, 3355, 3395, Appliance ISE 1.0, 1.1, 1.2 Adaptive Security Appliance ASA 5510, 5520, 5540, ASA 9.0.1, ASDM ASA 9.0.1, ASDM 7.1.6, v2 ASA 5505 te3, 5512, 5515, 5525, 5545, 5555, ASA 9.3.1, ASDM 7.3.1, CSM 4.8 ASA 9.3.1, ASDM 7.3.1, CSM 4.8, V2 over based ASA X, 5515-X, 5585-X with FirePower - ASA ASA, over based Fire POWER FirePOWER 7000 and 8000 Threat & Apps (TA) FireSIGHT , , , 6.2 FireSIGHT , , over -

Notes

1: 2960 S/SF Product management recommends 15.0(2)SE which s SXP v2.
2: Product part numbers of ed line cards for over and over MACsec on the 4500 Engine 7-E, 7L-E, 8-E, and 8L-E include the following: WS-X4712-SFP+E, WS-X4712-SFP-E, WS-X4748-UPOE+E, WS-X4748-RJ45V+E, WS-X4748-RJ45-E, WS-X4724-SFP-E, WS-X4748-SFP-E, and WS-X X48U+E.
3: ASA 5505 does not releases after : Nexus 7000 F1- modules do not TrustSec.
5: Use of inline tagging with LACP future IOS XE Denali or IOS 3.7 release (CSCva22545)
6: For SXP, AP must run in FlexConnect Mode
7: With IPv6, DGT can be IPv4.
8: Prior versions of this document listed 3750-X validated version, IOS 12.2(3)E1, and WLC AireOS 8.1. These releases have been deferred.
9: When inline tagging (oe) is enabled with the VIC 12xx and VIC 13xx, packet processing is handled at the processor level which will attribute to lower network I/O performance. An alternative solution is to use Intel adaptors.
10: IOS XE Everest SMU is required for ISE BYOD, Guest, and Posture. See ISE Compatibility Matrix:
11: The IE 4000 and IE 5000 platforms perform similarly to the 3560-X and 3750-X platforms in the reliance on IP Address, MAC Address, and physical port/vlan of the device, learned via dot1x or MAB or IP Device Tracking (IPDT). These devices cannot use information learned via SXP for either enforcement or tag propagation as the device is not directly attached. SXP v4 is ed in mode only
12: 4500 Release 3.9 and, with the introduction of VRF, an SVI is needed for L3 lookup to derive for switched traffic, and a SVI is also needed on the VLAN for the derivation of source group for L2 traffic.
13: C9500 as a border node does not currently transferring the tag from the header to the CMD field for inline tagging. C9500 outside the fabric s inline tagging
14: The N7K must have an SVI on the VLAN if the mappings reside in the VRF. If N7K is L2 only, create an SVI without IP to be able to utilize the mappings from the VRF. SVI is not required if entered into the VLAN.
15: Dynamic classification with IEEE 802.1x on Nexus 1000V 5.2(1)S(4.1). This is validated with VMware Horizon 7 VDI.
16: Port based platforms cannot do enforcement of policy for remote IP addresses, i.e. they can only classify or enforce for IP addresses present in the IPDT table (hosts that are L2 adjacent).

Printed in USA C v6.4c 1/
More informationEvolution of Data Center Security Automated Security for Today s Dynamic Data Centers
Evolution of Data Center Security Automated Security for Today s Dynamic Data Centers Speaker: Mun Hossain Director of Product Management - Security Business Group Cisco Twitter: @CiscoDCSecurity 2 Any
More informationTransforming the Network for the Digital Business
Transforming the Network for the Digital Business Driven by Software Defined Platforms Hugo Padilla Prad Enterprise Networks Digital Acceleration Team CCIE Emeritus #12444 Cisco Forum Kiev, November 14
More informationONE POLICY. Tengku Shahrizam, CCIE Asia Borderless Network Security 20 th June 2013
ONE POLICY Tengku Shahrizam, CCIE Asia Borderless Network Security 20 th June 2013 Agenda Secure Unified Access with ISE Role-Based Access Control Profiling TrustSec Demonstration How ISE is Used Today
More informationThe Context Aware Network A Holistic Approach to BYOD
The Context Aware Network A Holistic Approach to BYOD Trends Bring Your Own Device BYOD at Cisco Cisco BYOD Solution Use Cases Summary Trends #CiscoPlusCA Demand for Mobility 15 billion new networked mobile
More informationCatalyst update & Local Manufactory. João Castanho, System Engineer Comstor
Catalyst update & Local Manufactory João Castanho, System Engineer Comstor Joao.castanho@comstor.com Agenda Unified Access Catalyst 2960 (PLUS / S / SF / X / XR) Catalyst 3560X / 3650 / 3750X / 3850 Catalyst
More informationDesign Guide: Deploying NSX for vsphere with Cisco ACI as Underlay
Design Guide: Deploying NSX for vsphere with Cisco ACI as Underlay Table of Contents Executive Summary... 2 Benefits of NSX Architecture... 4 2.1 NSX Primary Use Cases... 4 2.2 Logical Layer Connectivity...
More informationCisco SD-WAN and DNA-C
Cisco SD-WAN and DNA-C SD-WAN Cisco SD-WAN Intent-based networking for the branch and WAN 4x Improved application experience Better user experience Deploy applications in minutes on any platform with consistent
More informationCisco TrustSec How-To Guide: Central Web Authentication
Cisco TrustSec How-To Guide: Central Web Authentication For Comments, please email: howtoguides@external.cisco.com Current Document Version: 3.0 August 27, 2012 Table of Contents Table of Contents... 1
More informationExam Code: Exam Code: Exam Name: Advanced Borderless Network Architecture Systems Engineer test.
Exam Code: 700-303 Number: 700-303 Passing Score: 800 Time Limit: 120 min File Version: 41.2 http://www.gratisexam.com/ Exam Code: 700-303 Exam Name: Advanced Borderless Network Architecture Systems Engineer
More informationCiprian Stroe Senior Presales Consultant, CCIE# Cisco and/or its affiliates. All rights reserved.
Ciprian Stroe Senior Presales Consultant, CCIE#45766 2015 Cisco and/or its affiliates. All rights reserved. Complete cloud-managed networking solution Wireless, switching, security, MDM Integrated hardware,
More informationSECURE NETWORK ACCESS
SECURE NETWORK ACCESS The Security Problem Changing Business Models Dynamic Threat Landscape Complexity & Fragmentation 2014 Cisco and/or its affiliates. All rights reserved. Cisco Confiden5al 3 Mobility
More informationCisco Application Centric Infrastructure
Data Sheet Cisco Application Centric Infrastructure What s Inside At a glance: Cisco ACI solution Main benefits Cisco ACI building blocks Main features Fabric Management and Automation Network Security
More informationDisclaimer This presentation may contain product features that are currently under development. This overview of new technology represents no commitme
NET1350BUR Deploying NSX on a Cisco Infrastructure Jacob Rapp jrapp@vmware.com Paul A. Mancuso pmancuso@vmware.com #VMworld #NET1350BUR Disclaimer This presentation may contain product features that are
More informationCisco Software-Defined Access
Cisco Software-Defined Access Introducing an entirely new era in networking. What if you could give time back to IT? Provide network access in minutes for any user or device to any application-without
More informationPASS4TEST. IT Certification Guaranteed, The Easy Way! We offer free update service for one year
PASS4TEST \ http://www.pass4test.com We offer free update service for one year Exam : 300-208 Title : Implementing Cisco Secure Access Solutions Vendor : Cisco Version : DEMO Get Latest & Valid 300-208
More informationCisco Application Centric Infrastructure (ACI) Simulator
Data Sheet Cisco Application Centric Infrastructure (ACI) Simulator Cisco Application Centric Infrastructure Overview Cisco Application Centric Infrastructure (ACI) is an innovative architecture that radically
More informationCisco Secure Access Control
Cisco Secure Access Control Delivering Deeper Visibility, Centralized Control, and Superior Protection Martin Briand - Security Escalation VSE Global Virtual Engineering Oriol Madriles Soriano Security
More informationNetwork Deployments in Cisco ISE
Cisco ISE Network Architecture, page 1 Cisco ISE Deployment Terminology, page Node Types and Personas in Distributed Deployments, page Standalone and Distributed ISE Deployments, page 4 Distributed Deployment
More information"Charting the Course... Designing Cisco Data Center Infrastructure (DCID) Course Summary
Course Summary Description v6.0 is a five-day instructor-led course that focuses on data center design based on Cisco solutions. The course includes theoretical content, as well as design oriented case
More informationForeScout CounterACT. Network Devices Compatibility Matrix. Updated: October 2018
ForeScout Network Devices Compatibility Matrix Updated: Ocber 2018 ForeScout Network Devices Compatibility Matrix 2 Table of Contents About Network Devices Compatibility... 3 Wired Integrations (es)...
More informationBusiness Resiliency Through Superior Threat Defense
Business Resiliency Through Superior Threat Defense Firepower 2100 Series/ Cisco Identity Services Engine Andre Lambertsen, Consulting Systems Engineer ala@cisco.com Cisco Firepower NGFW Fully Integrated
More informationGlobal vision. Local knowledge. Cisco Forum Kyiv Country Day Month Year
Global vision. Local knowledge. Cisco Forum Kyiv Country Day Month Year Firepower Next Generation Firewall Subtitle goes here William Young Security Solutions Architect, Global Security Architecture Team
More informationWhat s New in Campus Switching
Dubrovnik, Croatia, South East Europe 20-22 May, 2013 What s New in Campus Switching Scott Hodgdon Technical Marketing Engineer Enterprise Backbone Business Unit 2011 2013 Cisco and/or its affiliates.
More informationCisco Network Admission Control (NAC) Solution
Data Sheet Cisco Network Admission Control (NAC) Solution New: Updated to include the Cisco Secure Network Server (SNS) Cisco Network Admission Control (NAC) solutions allow you to authenticate wired,
More informationITBraindumps. Latest IT Braindumps study guide
ITBraindumps http://www.itbraindumps.com Latest IT Braindumps study guide Exam : 400-151 Title : CCIE Data Center v2.0 Vendor : Cisco Version : DEMO Get Latest & Valid 400-151 Exam's Question and Answers
More informationACI Fabric Endpoint Learning
White Paper ACI Fabric Endpoint Learning 2018 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 1 of 45 Contents Introduction... 3 Goals of this document...
More informationCisco Nexus Data Broker
Data Sheet Cisco Nexus Data Broker Product Overview You used to monitor traffic mainly to manage network operations. Today, when you monitor traffic you can find out instantly what is happening throughout
More informationCisco Digital Network Architecture Vision for Virtualization
Cisco Digital Network Architecture Vision for Virtualization Cisco Digital Network Architecture Vision for Virtualization 2016 Cisco and/or its affiliates. All rights reserved. As enterprise business processes
More informationPage 2
Page 2 Mgmt-B, vmotion-a vmotion-b VMM-Pool-B_ Connection-B -Set-A Uplink-Set-A Uplink-Set-B ACI-DC Standard Aggregation L3 Switch Configuration for existing Layer 2 : Nexus 6K-01 switch is
More informationCisco ACI Multi-Pod and Service Node Integration
White Paper Cisco ACI Multi-Pod and Service Node Integration 2018 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 1 of 68 Contents Introduction... 3 Prerequisites...
More informationCisco Firewall Basics
Cisco Firewall Basics Mark Cairns, Consulting Systems Engineer BRKSEC-1020 Cisco Spark How Questions? Use Cisco Spark to communicate with the speaker after the session 1. Find this session in the Cisco
More informationDNA Campus Fabric. How to Migrate The Existing Network. Kedar Karmarkar - Technical Leader BRKCRS-2801
DNA Campus Fabric How to Migrate The Existing Network Kedar Karmarkar - Technical Leader Campus Fabric Abstract Is your Campus network facing some, or all, of these challenges? Host Mobility (w/o stretching
More informationDigital Network Architecture for Securing Enterprise Networks
Digital Network Architecture for Securing Enterprise Networks Matt Robertson Evgeny Mirolyubov Technical Marketing Engineers, Advanced Threat Solutions Cisco Spark How Questions? Use Cisco Spark to communicate
More informationCisco Cloud Architecture with Microsoft Cloud Platform Peter Lackey Technical Solutions Architect PSOSPG-1002
Cisco Cloud Architecture with Microsoft Cloud Platform Peter Lackey Technical Solutions Architect PSOSPG-1002 Agenda Joint Cisco and Microsoft Integration Efforts Introduction to CCA-MCP What is a Pattern?
More informationPradeep Kathail Chief Software Architect Network Operating Systems Technology Group, Cisco Systems Inc.
Pradeep Kathail Chief Software Architect Network Operating Systems Technology Group, Cisco Systems Inc. March 4 th, 2014 2012 2010 Cisco and/or its affiliates. All rights reserved. 1 2012 Cisco and/or
More information