Juniper Mist AI for Wired uses group-based policy (GBP) to enforce segmentation within a single VRF, without requiring separate VRFs per user group. GBP tags classify endpoints logically (e.g., employees, guests, IoT devices) and enforce security rules across the EVPN-VXLAN fabric.
“Group-Based Policy (GBP) provides scalable segmentation by assigning tags to endpoints based on attributes such as user type, role, or device type. These GBP tags are then used in policies to control communication between groups.”
Option A is inefficient: assigning unique tags per endpoint is not scalable.
Option C is incorrect: GBP is identity-based segmentation, not location-based.
Option D is incorrect: assigning a single tag defeats the purpose of segmentation.
Option B is correct: the best practice is to assign GBP tags based on endpoint type (e.g., servers, staff, IoT, guests), which then drives policy enforcement.
[References:, , Juniper Mist AI for Wired – Group-Based Policy (GBP) Configuration Guide, , Juniper Validated Design – GBP with EVPN-VXLAN in Campus Fabrics, , ===========, , ]
