Virtual networks are isolated routing and switching environments. You can use virtual networks to segment your physical network
into multiple logical networks.
Only the assigned user groups are allowed to enter a virtual network. Within a virtual network, users and devices can communicate
with each other unless explicitly blocked by an access policy. Users across different virtual networks cannot communicate
with each other. However, an exception policy can be created to allow some users to communicate across different virtual networks.
A typical use case is building management, where the user community needs to be segmented from building systems, such as lighting;
heating, ventilation, and air conditioning (HVAC) systems; and security systems. In this case, you segment the user community
and the building systems into two or more virtual networks to block unauthorized access of the building systems.
A virtual network may span across multiple site locations and across network domains (wireless, campus, and WAN).
By default, Cisco DNA Center has a single virtual network, and all users and endpoints belong to this virtual network. If Cisco DNA Center is integrated with Cisco Identity Services Engine (ISE), the default virtual network is populated with user groups and endpoints
from Cisco ISE.
In Cisco DNA Center, the concept of virtual network is common across wireless, campus, and WAN networks. When a virtual network is created, it
can be associated with sites that have any combination of wireless, wired, or WAN deployments. For example, if a site has
a campus fabric deployed that includes wireless and wired devices, the virtual network creation process triggers the creation
of the Service Set Identifier (SSID) and Virtual Routing and Forwarding (VRF) in the campus fabric. If the site also has WAN
fabric deployed, the VRF extends from the campus to WAN as well.
During site design and initial configuration, you can add wireless devices, wired switches, and WAN routers to the site. Cisco DNA Center detects that the virtual network and the associated policies have been created for the site, and applies them to the different