cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
 
Register for the monthly ISE Webinars to learn about ISE configuration and deployment.
Choose one of the topics below to view our ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

554
Views
10
Helpful
4
Replies
Highlighted
Cisco Employee

Pushing IP-SGT mappings to Cisco switch

I am working on ISE 2.2 version . When I tried creating IP-SGT Mapping in ISE I am able to do . However there relies an option to "Deploy to Devices". In this option I am not able to see my network device which I have configured under "network device". Because of this when I try deploying that entry it shows error as "Device not found" . Can you please help me in resolving this issue.

Everyone's tags (4)
1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: Hi

The IP-SGT bindings from ISE can be pushed to the network via 2 methods:

1) CLI configuration

2) ISE SXP

You seem to be using method-1, which requires you to define the network device’s SSH login credentials so that ISE can configure it for static IP-to-SGT bindings.

Here’s how you do it:

Under ‘Advanced TrustSec Settings’ within the Network Device configuration in ISE, specify the SSH login details:

Screen Shot 2017-04-26 at 9.44.33 AM.png

Then under TrustSec Work center > Components, you should be able to see this network device to push the static IP-to-SGT binding.

Screen Shot 2017-04-26 at 9.45.08 AM.png

4 REPLIES 4
Contributor

Re: Hi

Srinivasan

Please read the document to ensure you have the correct configuration for Trustsec operation.  Also, ensure you have the devices added with the trustsec settings enabled under network devices.  One last thing is check the device compatibility guide for feature support for ISE 2.2

Cisco TrustSec Switch Configuration Guide - Understanding Cisco TrustSec [Cisco Catalyst 6500 Series Switches] - Cisco

Cisco Identity Services Engine Network Component Compatibility, Release 2.2 - Cisco

HTH-

Vince

Cisco Employee

Re: Hi

The IP-SGT bindings from ISE can be pushed to the network via 2 methods:

1) CLI configuration

2) ISE SXP

You seem to be using method-1, which requires you to define the network device’s SSH login credentials so that ISE can configure it for static IP-to-SGT bindings.

Here’s how you do it:

Under ‘Advanced TrustSec Settings’ within the Network Device configuration in ISE, specify the SSH login details:

Screen Shot 2017-04-26 at 9.44.33 AM.png

Then under TrustSec Work center > Components, you should be able to see this network device to push the static IP-to-SGT binding.

Screen Shot 2017-04-26 at 9.45.08 AM.png

Cisco Employee

Re: Hi

Hi Team/Hariprasad,

Thank you for the suggestion.

By following the below steps I am able to find the device in ISE and tried deploying the IP-SGT binding. It got deployed to the device globally.

However my requirement is that, the binding should get deployed to the device for a VRF “sgt”.

In device I have configured VRF “sgt” . In ISE side I have configured the below.

In ISE I have given deployed via as a “sgt” but still it is coming globally. Any suggestion to make it deployed to vrf “sgt”.

Regards,

Srinivasan.N

Advocate

Re: Hi

Srinivasan, rather than a greeting, please post new questions with a relevant topic name such as "Pushing IP-SGT mappings to Cisco switch" or similar so that TMEs and anyone reviewing post have some indication of question topic.  It also facilitates searches and question management.

Regards,

Craig