TrustSec VLAN SGT Classification issue with 16.3.3

andrewswanson
Level 7

Hi

I'm implementing static SGT TrustSec permissions within a particular VLAN (switches used are WS-C3650-48PD running 03.06.05E).

Configuration is below - VLAN 200 is classified with SGT 200 and all traffic between clients in the VLAN is dropped (I also have SGT propagation enabled on the switch uplinks).

cts sgt <SWITCH-SGT>
cts role-based sgt-map vlan-list 200 sgt 200
cts role-based enforcement
cts role-based enforcement vlan-list 200
cts role-based permissions from 200 to 200 DENY-ALL

The switches have device tracking enabled and the above configuration works fine on the WS-C3650-48PD - the output of the command "show cts role-based sgt-map all" shows the clients in VLAN 200 are being tagged with sgt 200.

When I try and apply this configuration to WS-C3650-48FQM switches running 16.3.3, SGT classification fails. These switches also have device tracking enabled but SGT classification still doesn't work - I can assign SGT successfully to a host IP but not to a VLAN.

Any ideas on why I can't classify SGTs with VLANs on WS-C3650-48FQM running 16.3.3?

Thanks
Andy

PS: I can only use 16.3.3 on the WS-C3650-48FQM switches because of the bug CSCvc54604.
