https://community.cisco.com/t5/network-security/cisco-ise/m-p/4850404#M1101318 <P>SGT means Security Group Tag (original definition) or Scalable Group Tag (updated term which has not been universally used even within Cisco).</P> <P>An SGT is appended to an Ethernet frame as an identified to allow switches and routers to apply policy (such as an ACL) based on the tag rather than based on the traditional 5-tuple (protocol, source IP, source port, destination IP and destination port).</P> <P>SGTs are technically appealing since they use much fewer hardware resources in the switches and routers. Generally the resource in short supply is TCAM (Tertiary Content Addressable Memory). When we adopt segmentation based on per-port/end device access control, we can quickly run out of available TCAM.</P> Wed, 07 Jun 2023 15:48:29 GMT Marvin Rhoads 2023-06-07T15:48:29Z https://community.cisco.com/t5/network-security/cisco-ise/m-p/4850183#M1101297 <P>What is SGT in Cisco-ISE ?</P> Wed, 07 Jun 2023 11:17:25 GMT https://community.cisco.com/t5/network-security/cisco-ise/m-p/4850183#M1101297 abdullashaik898 2023-06-07T11:17:25Z https://community.cisco.com/t5/network-security/cisco-ise/m-p/4850195#M1101298 <P>Hi</P> <P>&nbsp;In simple words SGT would be a badge a device earn when successfully authenticate on the network</P> <P>The ISE assign a SGT according to the SGT matrix you create on the DNAC and each device will have permission according to the SGT.</P> <P>&nbsp;You can create access-list based on the SGT and apply the Access-list to&nbsp; switch controlling the traffic using SGT as identification.</P> Wed, 07 Jun 2023 11:30:59 GMT https://community.cisco.com/t5/network-security/cisco-ise/m-p/4850195#M1101298 Flavio Miranda 2023-06-07T11:30:59Z https://community.cisco.com/t5/network-security/cisco-ise/m-p/4850404#M1101318 <P>SGT means Security Group Tag (original definition) or Scalable Group Tag (updated term which has not been universally used even within Cisco).</P> <P>An SGT is appended to an Ethernet frame as an identified to allow switches and routers to apply policy (such as an ACL) based on the tag rather than based on the traditional 5-tuple (protocol, source IP, source port, destination IP and destination port).</P> <P>SGTs are technically appealing since they use much fewer hardware resources in the switches and routers. Generally the resource in short supply is TCAM (Tertiary Content Addressable Memory). When we adopt segmentation based on per-port/end device access control, we can quickly run out of available TCAM.</P> Wed, 07 Jun 2023 15:48:29 GMT https://community.cisco.com/t5/network-security/cisco-ise/m-p/4850404#M1101318 Marvin Rhoads 2023-06-07T15:48:29Z