https://community.cisco.com/t5/wireless/trustsec-sgt-mapping-for-wlc9800-clients/m-p/4777742#M251854 <P>What is everyone doing to get SGT tags applied to clients authenticating 8021x via ISE? We recently migrated to WLC9800's, I have gone through the TrustSec config section of the WLC. My WLC's are aware of the SGT's mappings from ISE, but none of my clients are getting assigned any tag. FYI, any client authenticating NOT through the WLC, SGT's are working. Anyway, I worked through the limited documentation there is for using the inline tagging off the flex profile, but that hasn't solved any issues. Just curious for now, how others are getting their wireless clients tagged. My environment is WLC9800 with 1852 AP's in flex mode.</P> Fri, 17 Feb 2023 22:00:45 GMT MattMH 2023-02-17T22:00:45Z https://community.cisco.com/t5/wireless/trustsec-sgt-mapping-for-wlc9800-clients/m-p/4777742#M251854 <P>What is everyone doing to get SGT tags applied to clients authenticating 8021x via ISE? We recently migrated to WLC9800's, I have gone through the TrustSec config section of the WLC. My WLC's are aware of the SGT's mappings from ISE, but none of my clients are getting assigned any tag. FYI, any client authenticating NOT through the WLC, SGT's are working. Anyway, I worked through the limited documentation there is for using the inline tagging off the flex profile, but that hasn't solved any issues. Just curious for now, how others are getting their wireless clients tagged. My environment is WLC9800 with 1852 AP's in flex mode.</P> Fri, 17 Feb 2023 22:00:45 GMT https://community.cisco.com/t5/wireless/trustsec-sgt-mapping-for-wlc9800-clients/m-p/4777742#M251854 MattMH 2023-02-17T22:00:45Z https://community.cisco.com/t5/wireless/trustsec-sgt-mapping-for-wlc9800-clients/m-p/4777750#M251856 <P>how is your config looks like:</P> <P>check below guide :</P> <P><A href="https://www.cisco.com/c/en/us/support/docs/wireless/catalyst-9800-series-wireless-controllers/213945-understand-flexconnect-on-9800-wireless.html" target="_blank">https://www.cisco.com/c/en/us/support/docs/wireless/catalyst-9800-series-wireless-controllers/213945-understand-flexconnect-on-9800-wireless.html</A></P> Fri, 17 Feb 2023 22:08:12 GMT https://community.cisco.com/t5/wireless/trustsec-sgt-mapping-for-wlc9800-clients/m-p/4777750#M251856 balaji.bandi 2023-02-17T22:08:12Z https://community.cisco.com/t5/wireless/trustsec-sgt-mapping-for-wlc9800-clients/m-p/4777764#M251857 <P>Thanks. I followed this document when setting up the WLC. So, our implementation follows this almost exactly. However, none of our clients connecting through the WLC are getting a security group (SGT) assigned to them from ISE. FlexConnect works as expected. This is the document that I found with re to inline tagging. However, still not providing me with a solution nor what I expect to see as far as ISE authentication. Non wireless clients are assigned a security group tag to align with our TrustSec implementation.</P><P>&nbsp;</P><P><A href="https://www.cisco.com/c/en/us/td/docs/wireless/controller/9800/config-guide/b_wl_16_10_cg/cisco-trustsec.html#id_86165" target="_blank">Cisco Catalyst 9800 Series Wireless Controller Software Configuration Guide, Cisco IOS XE Gibraltar 16.10.x - Cisco TrustSec [Cisco Catalyst 9800 Series Wireless Controllers] - Cisco</A></P> Fri, 17 Feb 2023 22:58:37 GMT https://community.cisco.com/t5/wireless/trustsec-sgt-mapping-for-wlc9800-clients/m-p/4777764#M251857 MattMH 2023-02-17T22:58:37Z https://community.cisco.com/t5/wireless/trustsec-sgt-mapping-for-wlc9800-clients/m-p/4781559#M252120 <P>Could this be my issue? The switch that my vWLC is connected to runs NX-OS, which cannot be enabled for CTS/SXP. So when it says to peer with the upstream switch, assuming that has to be aware of the SGT's on your network.</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="MattMH_0-1677173216902.png" style="width: 400px;"><img src="https://community.cisco.com/t5/image/serverpage/image-id/177252i7938693539BCFC1C/image-size/medium?v=v2&amp;px=400" role="button" title="MattMH_0-1677173216902.png" alt="MattMH_0-1677173216902.png" /></span></P><P>&nbsp;</P> Thu, 23 Feb 2023 17:29:34 GMT https://community.cisco.com/t5/wireless/trustsec-sgt-mapping-for-wlc9800-clients/m-p/4781559#M252120 MattMH 2023-02-23T17:29:34Z