Transcript for:
Cisco Software Defined Access (SD-Access) Lecture Notes

Hi, my name is Danny the banter and I'm a technical marketing engineer with the enterprise team here at Cisco. Cisco Software-Defined Access enhances control of communications by providing software-defined segmentation and policy enforcement based on endpoint characteristics. Whether you've considered or are in the process of deploying SD-Access, you'll probably have come across terms like macro and micro segmentation. In this video we will explain what exactly these terms mean within SD-Access, as well as show how they are configured in Cisco DNA Center.

A virtual network, also known as a VN, is considered the first level of segmentation within the fabric and is what is referred to as macro segmentation. In essence, a VN is basically a VRF within the fabric, providing an isolated network. When an endpoint is onboarded to the fabric, it is assigned to a VN, which is bound to one or more IP address pools. By default, VNs cannot communicate with one another, but this can be accomplished by using a fusion device, which can be a firewall or a router.

There are a few steps to creating a virtual network on Cisco DNA Center. First we'll have to create the VN under the Policy section. We'll then add that VN to the fabric site and bind an IP pool to it. Once the changes are saved, the configuration will be pushed to the fabric edge devices. Let's see how this is actually done on Cisco DNA Center, and once we've completed it we can take a look at the end result on the fabric edge devices.

We're on the Cisco DNA Center dashboard, and we'll create the VN under Policy. Go to Virtual Network, and we'll call this VN HR. Save it. Once completed, we can go to the fabric site that I've pre-configured, and if we look closely, I have two fabric edge devices here. We'll go to the Host Onboarding section and add the VN that we just created under Policy. Once that's complete, we can now bind an IP pool to the VN. I'm going to use a subnet that I've already carved out before, called HR: 172.16.10.0/24, and we'll press Update.

At this time I should now see this VN created on my fabric edge device, and as you can see on the monitor, VLAN 1031 has just appeared. Here you can see that the VLAN is bound to a VRF of HR_VN, what we just created, and if I look at the VLAN names I can see 1031 with the name of the subnet we carved out, bound to the VN. So in essence, when an endpoint is onboarded to this VLAN, it's actually bound to the virtual network that we see here above.

Now that we understand the concept of macro segmentation, let's take a further look within the VN. When onboarding endpoints to a VN, we can manage the level of access control between these endpoints by assigning them scalable group tags, also known as SGTs. This is also considered the second level of segmentation and is referred to as micro segmentation. Let's take a look at Cisco DNA Center and see how these are actually applied.

On Cisco DNA Center we'll return to the Policy section where we originally created the virtual network HR_VN, which is our macro segment, and by applying these scalable group tags from the left into the VN we are actually defining micro segmentation. The last step would be defining the access control between these scalable group tags. This can be done by applying what we call a contract, and you can see how this is done by watching our additional videos on our SDA YouTube channel.

This completes our video. Be sure to check out our YouTube channels providing additional software-defined topics as well as Identity Services Engine.
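As an added example (not from the video and not Cisco DNA Center code), a small Python model of the two decision levels the video describes: an endpoint's VN (VRF) isolates it from other VNs unless a fusion device joins them, and within the VN the SGT-to-SGT contract decides. The GUEST_VN name, the SGT numbers, the contracts and the default action are constructed assumptions; only HR_VN, its pool and VLAN 1031 come from the video.

```python
from __future__ import annotations
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Endpoint:
    name: str
    vn: str   # virtual network (VRF) the endpoint was onboarded to, e.g. HR_VN
    sgt: int  # scalable group tag assigned at onboarding

@dataclass
class FabricPolicy:
    # Macro segmentation: VN pairs joined by a fusion device (firewall/router).
    # Constructed assumption: no other VN-to-VN path exists.
    fusion_links: set[frozenset[str]] = field(default_factory=set)
    # Micro segmentation: (src_sgt, dst_sgt) -> "permit" or "deny" contract.
    contracts: dict[tuple[int, int], str] = field(default_factory=dict)
    # Constructed assumption: action taken when no contract matches the SGT pair.
    default_action: str = "permit"

    def decide(self, src: Endpoint, dst: Endpoint) -> tuple[str, str]:
        """Return (verdict, reason) for traffic from src to dst."""
        if src.vn != dst.vn:
            if frozenset({src.vn, dst.vn}) not in self.fusion_links:
                return "deny", "macro: separate VNs (VRFs) are isolated"
            via = "via fusion device, then "
        else:
            via = ""
        # Inside the destination VN the SGT contract is the second check.
        action = self.contracts.get((src.sgt, dst.sgt), self.default_action)
        return action, f"micro: {via}SGT {src.sgt}->{dst.sgt} {action}"

# Constructed sample fabric: HR_VN from the video plus an assumed GUEST_VN.
HR_USER = Endpoint("hr-laptop", "HR_VN", 10)     # 172.16.10.0/24 pool, VLAN 1031
HR_PRINTER = Endpoint("hr-printer", "HR_VN", 20)
GUEST = Endpoint("guest-phone", "GUEST_VN", 30)

POLICY = FabricPolicy(contracts={(10, 20): "permit", (20, 10): "deny"})

def check(src: Endpoint, dst: Endpoint, policy: FabricPolicy = POLICY) -> str:
    verdict, reason = policy.decide(src, dst)
    return f"{src.name} -> {dst.name}: {verdict} ({reason})"

if __name__ == "__main__":
    for pair in [(HR_USER, HR_PRINTER), (HR_PRINTER, HR_USER), (GUEST, HR_USER)]:
        print(check(*pair))
    # A fusion link lets GUEST_VN reach HR_VN, but SGT contracts still apply.
    leaked = FabricPolicy(fusion_links={frozenset({"GUEST_VN", "HR_VN"})},
                          contracts={(30, 10): "deny"})
    print(check(GUEST, HR_USER, leaked))
```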