1 Reply Latest reply: Dec 15, 2017 2:52 PM by csolder RSS

SD-Access without TrustSec

jose.tamayo.segarra

Hi everyone,

 

For SD-Access, the nice cool feature is having a software policy-based LAN segmentation. This needs, of source, a TrustSec-ready ISE, a TrustSec security policy and all.

 

How will SD-Access behave without TrustSec? Does it make sense to propose SD-Access without TrustSec?

  • 1. Re: SD-Access without TrustSec
    csolder

    Hi Jose

    In the current implementation of SD-Access, ISE is a mandatory element in the solution. We use ISE to not only authenticate and authorize the on-boarding of hosts into the SD-Access fabric, but also to push policy to the fabric edge nodes that is eventually carried in users data packets as they traverse the fabric. While policy is defined in the DNA-C UI, the actual policy is stored in ISE. Net-Net you will need to include ISE in any SD-Access deployments that you plan.