04-21-2011 02:05 AM - edited 03-10-2019 06:00 PM
Hi
I hope that this is the correct place for this Q.
I have setup an ACS 5.2 Server and enaled 802.1X authentication on a 65k running SXI5, as per the following section; Assigning SGT Using IEEE 802.1X User Authentication
The link can be found below;
http://www.cisco.com/en/US/solutions/collateral/ns170/ns896/guide_c07-608226.html
I can sucessfully get a PC to authenticate using dot.1x and according to the monitoring on the ACS box, the SGT is passed to the 65k, however when I do a "sho cts role-based sgt-map all", I can't see the SGT passed to the 65k. Is this because I don't have a Nexus to create the sxp link to?
Sorry if this is a noddy Q, but I'm trying to do my best to get to grips with trustsec, but not having a 7k means I'm really struggling.
many thanks
04-21-2011 12:15 PM
A nexus is a mandatory requirement for Trustsec unfortunately indeed.
04-27-2011 04:59 AM
Hi Nicolas
Thanks for taking the time to respond. Although Nexus is needed, if a device authenticates using 802.1x and this is configured for SGT, should the SGT configuration not update on the 65k? This is something that I would presume would happen without the need for the Nexus.
Once again, sorry if this is vague and a very newbie Q.
Many thanks
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide