Active IPv4-SGT Bindings Information Cache

ifabrizio · ‎05-22-2024

Dear All,

I have setup a Trustsec test network, All seems works well, but I have made a mistake on one of two PC belonging to different SGT group. I have configured the wrong ipv4 **bleep**. So when correct the error and confugured the PC with the right ip **bleep**, I see that on the switch where this Pc was connected the IPV4-SGT binding about the wrong ip **bleep** still remain:

Active IPv4-SGT Bindings Information

IP **bleep** SGT Source
============================================
10.20.28.0/22 2000 CLI
10.20.110.0/23 2000 CLI
10.20.124.0/24 2000 CLI
10.20.232.0/24 2000 CLI
10.20.239.0/24 2 CLI
10.20.239.253 2 INTERNAL
10.20.248.11 16 LOCAL <----Right ipv4 **bleep**
10.20.248.166 16 LOCAL <---Wrong ipv4 **bleep**
10.20.254.0/24 2000 CLI

There is somthing messing in the swtch configuration about the SGT cache? I leave all sgt cache settings to the defaults. the switch is a 9300 (CAT9K_IOSXE), Version 17.9.4.

Bye,

JF.

Rob Ingram · ‎05-22-2024

@ifabrizio those are LOCAL bindings - LOCAL: Bindings of authenticated hosts which are learned via EPM and device tracking. This type of binding also include individual hosts that are learned via ARP snooping on L2 [I]PM configured ports.

Clear the ARP?

https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst9200/software/release/17-10/configuration_guide/cts/b_1710_cts_9200_cg/cisco_trustsec_sgt_mapping.html

dbrittin · ‎05-22-2024

@ifabrizio We've removed the spam filter that replaced words in your post. Would you please edit your post to add them back so the community has the right context. So sorry for the inconvenience!