Rising star

Disable CTS SGT Propagation

By default the interfaces on the FTD have the following:

cts manual
  propagate sgt preserve-untag
  policy static sgt disabled trusted

Is there any way to turn off the propagation of SGT tags? We are using pxGrid to provide IP to SGT tags that we can use in our ACP. We have no need to have FTD apply that tag to a packet on egress. Is it possible to turn that off?

Accepted Solutions
Participant

Re: Disable CTS SGT Propagation

Hi,

I think you should be able to do it with FlexConfig. I see that only the following commands inside an interface are blocked from modification through FlexConfig:

Interface

Only nameif, mode, shutdown, ip address and mac-address commands are blocked.

Firepower Management Center Configuration Guide, Version 6.2 - FlexConfig Policies [Cisco Firepower Management Center] …

Rising star

Re: Disable CTS SGT Propagation

Thanks it worked perfectly:

interface GigabitEthernet1/1
 cts manual
  no propagate sgt

I haven’t tested to see if that change affected my ability to do SGT based ACP rules, but I would doubt that it does.

Paul Haferman


Re: Disable CTS SGT Propagation

Reviving this to let others know that this was a requirement to get traffic to pass from a Firepower 2130 into our Application Centric Infrastructure (ACI) Fabric / Nexus 9ks. ACI was dropping the traffic outright due to the tag on ingress.

HTH
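
To confirm after deployment that the FlexConfig change landed on every interface, the following added example (not code from the thread or from Cisco) parses saved running-config text and reports each interface's SGT propagation state. The sample config is constructed, the function names are hypothetical, and treating a bare `cts manual` block as still propagating is an assumption based on the default described in the original question.

```python
import re

# Constructed sample running-config excerpt (not taken from the thread).
SAMPLE_CONFIG = """\
interface GigabitEthernet1/1
 cts manual
  no propagate sgt
!
interface GigabitEthernet1/2
 cts manual
  propagate sgt preserve-untag
  policy static sgt disabled trusted
!
interface GigabitEthernet1/3
 shutdown
!
"""

def audit_sgt_propagation(config_text):
    """Return {interface: 'disabled' | 'propagating' | 'no-cts-manual'}."""
    states, current, in_cts = {}, None, False
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line:
            continue  # tolerate blank lines in pasted configs
        m = re.fullmatch(r"interface\s+(\S+)", line)
        if m:
            current, in_cts = m.group(1), False
            states[current] = "no-cts-manual"
        elif line == "!":
            current, in_cts = None, False  # end of the interface stanza
        elif current is None:
            continue  # global configuration, not inside an interface
        elif line == "cts manual":
            in_cts = True
            # Assumption: propagation is on unless explicitly negated.
            states[current] = "propagating"
        elif in_cts and line == "no propagate sgt":
            states[current] = "disabled"
        elif in_cts and line.startswith("propagate sgt"):
            states[current] = "propagating"
    return states

def still_propagating(config_text):
    """Interfaces that would still apply an SGT tag on egress."""
    return sorted(n for n, s in audit_sgt_propagation(config_text).items() if s == "propagating")

if __name__ == "__main__":
    print(still_propagating(SAMPLE_CONFIG))
```

Any interface returned by `still_propagating` that faces a device which drops tagged frames, such as the ACI fabric in the last reply, still needs the `no propagate sgt` line.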
