Assigning Multiple Tags

frankyyy · December 29, 2020, 10:19pm

Hi

New user of ZT and setting up a small POC. Really enjoying the learning curve!
One of the things i have been struggling to find information on is how/if it is possible to set multiple tags/groups to devices. For example, i have a range of hosts or users and i want to setup tags - eg - sales, it, management etc. Based on those i will setup rules to suit:

sales: allow access to server A on service 1
management: allow access to server B on service 2

In this simple case, some users could belong to both groups.
I suppose the other option i may be seeing to achieve this is through capabilities but interested to hear how others may have achieved similar outcomes.

nuke_bloodaxe · December 30, 2020, 2:40am

Although it is a bit counterintuitive, you can set up individual ZT networks for each group, and join each client machine to the respective network. There’s nothing preventing you joining one machine to multiple Zerotier networks after all; yes, I have done this, it works quite well for segregating servers to specific machines.

From another perspective, you can consider a ZT network to be a VLAN, and you are tagging allowed traffic; except the tag exists as a distinct individual interface on each machine.

frankyyy · December 30, 2020, 8:49am

Hmmm interesting, hadn’t thought about that… will give it some thought, but agree, it does seem counterintuitive.
Definitely not where my thought started, but could work…

Thanks for the input.

system · January 6, 2021, 8:49am

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.