We're comparing Cisco SD-Access, Aruba Dynamic Segmentation and a couple of other options for our new campus. Currently it seems that Aruba is the best way to go. Not too complex, you just manage your switches like access points and do GRE tunnels to the controllers like you would do with wireless. Or if you choose so, you can just return correct RADIUS parameters and drop the clients to a local VLAN and go the traditional way of terminating those VLANs on an aggregation switch and mapping them to a VRF.
I'm just curious if anyone is doing dynamic segmentation in production?
And have you seen any issues with tunneling all the traffic to the controller? Or do you only tunnel something like IoT stuff and drop company managed clients to a common VLAN?
Miercom's "independent assessment" (which we all know is far from independent as it's paid by Cisco) bashes dynamic segmentation on that if you enable it, you basically drop half the packets and bandwidth is horrible etc :) I haven't seen any issues yet.
Thanks!