That which is not permitted is denied – SDN switches should not do transparent learning/forwarding
Cisco APIC configures the ACI policy for traffic permitted between End Point Groups (EPGs) and for traffic steering – if not permitted, traffic is dropped
Integrate the SDN system with Cisco Identity Services Engine (ISE) for device profiling, user authentication, SGT, TrustSec tagging
Traffic steering toward a firewall or content filter; security service insertion between client and server
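
The default-deny and steering behaviour described above, as an added example (not from the original slides and not APIC's API or object model): a small Python model in which a flow between endpoint groups is permitted or redirected through a service node only when a rule says so, and dropped otherwise. The group names, subnets, rules and function names are constructed for illustration; the model is stateless, one-directional, and treats same-group traffic like any other flow.

```python
# Added illustration: toy allowlist policy between endpoint groups.
# Not APIC's API or object model; every name and value here is constructed.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Rule:
    src_epg: str
    dst_epg: str
    proto: str
    port: int
    action: str = "permit"       # "permit" or "redirect:<service node>"

# Constructed sample data: subnet -> endpoint group membership.
EPG_SUBNETS = {
    "web": ip_network("10.0.1.0/24"),
    "app": ip_network("10.0.2.0/24"),
    "db": ip_network("10.0.3.0/24"),
}

# Constructed sample policy: only these flows are allowed.
POLICY = [
    Rule("web", "app", "tcp", 8443),
    Rule("app", "db", "tcp", 5432, action="redirect:firewall"),
]

def classify(ip):
    """Map an address to its endpoint group, or None if it is unknown."""
    addr = ip_address(ip)
    for epg, net in EPG_SUBNETS.items():
        if addr in net:
            return epg
    return None

def verdict(src_ip, dst_ip, proto, port, policy=POLICY):
    """Return the action for a flow; anything not explicitly permitted drops."""
    src, dst = classify(src_ip), classify(dst_ip)
    if src is None or dst is None:
        return "drop"            # unclassified endpoints get no implicit access
    for rule in policy:
        if (rule.src_epg, rule.dst_epg, rule.proto, rule.port) == (src, dst, proto, port):
            return rule.action   # permitted, possibly steered via a service node
    return "drop"                # default deny: no flooding, no learned forwarding

if __name__ == "__main__":
    for flow in [("10.0.1.5", "10.0.2.9", "tcp", 8443),
                 ("10.0.2.9", "10.0.3.4", "tcp", 5432),
                 ("10.0.1.5", "10.0.3.4", "tcp", 5432),
                 ("192.0.2.7", "10.0.2.9", "tcp", 8443)]:
        print(flow, "->", verdict(*flow))
```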