I wanted to get opinions on setting up Policy domains for our environment. We have a very simple set of requirements which boil down to this:
- a set of policies for Edge Switches
- a different set of policies with very little duplication for Top of Rack switches
- a completely different set of policies for our Core Switches
What is the feeling? Is it better to have ONE policy domain for all switches and only apply the Rules to ports as needed? Or is it better to have three policy domains in our case?
None of the switches would qualify to be in more than one of the domains if we went the multiple domain route.