Chapter 25. Security Group Access

Throughout this book, you have been exposed to many different ways of controlling network access based on the context of a user and device. There is VLAN assignment, in which access is controlled at the Layer 3 edge, or by isolating that VLAN into a segmented virtual network (VRF). Additionally, there is ACL assignment, which can be a local ACL, called into action by a RADIUS attribute, or a downloaded ACL (dACL). These ACLs are applied on ingress at the switchport, or at the virtual port in the case of the Wireless LAN Controller (WLC).

These are all good access-control methods, but regulating passage only at the point of network ingress can leave room for a more desirable and scalable solution. This chapter discusses ...
