
Security Group Tagging without ISE - on which device?

kevinm123
Level 1

If I have a TrustSec domain set up, and want to utilise IP-SGT mappings by using the "cts role-based sgt-map {ip} sgt <sgt-id-number>" commands - on what device do these commands need to get executed?

 

I have been researching this a lot in Cisco documentation but cannot find a clear answer. I am either referred to configuring ISE (which I don't have), or using the command (e.g. http://www.cisco.com/c/en/us/td/docs/switches/lan/trustsec/configuration/guide/trustsec/ident-conn_config.html#wp1055308). However, no document I have found actually tells me on which device this should be executed. Can it be on any switch in the TrustSec domain? Must it be on a seed device? On the authentication server? (This is especially relevant when the access switch to which the host that I'm applying the SGT to is connected is not part of the TrustSec domain itself.)

 

Any ideas what I am missing?

1 Reply

mohanak
Cisco Employee

Please refer

Cisco TrustSec- Facilitated Infrastructure

Cisco TrustSec uniquely builds upon your existing identity-aware infrastructure by enforcing these policies in a scalable manner with the innovative Cisco Security Group Access (SGA) and Device Sensors. It also helps to ensure complete data confidentiality using ubiquitous encryption between network devices with MACsec encryption.

http://www.cisco.com/c/en/us/solutions/enterprise-networks/trustsec/trustsec_matrix.html
