Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
55
Views
0
Helpful
0
Replies

Default Route SGT

rezaalikhani
VIP
VIP

‎06-09-2025 01:32 AM

Hi all;

I recall sharing a post several months ago regarding the "Default Route SGT" operation in Cisco ISE, as shown below:

https://community.cisco.com/t5/network-access-control/default-route-sgt/td-p/5022705

Recently, I decided to dedicate some time to revisiting TrustSec operations. To do this, I set up a lab environment using Cisco ISE 3.3 Patch 5 and a C8000v router running version 17.15.1a. I configured SXP between the devices, and they are communicating normally via SXP as expected:

rezaalikhani_1-1749455511501.png

rezaalikhani_2-1749455622994.png

Then, I created a new SGT on ISE with the following parameters:

rezaalikhani_0-1749455412453.png

The final step was to create the default route SGT on the router with the following configuration parameters:

rezaalikhani_4-1749457176663.png

rezaalikhani_5-1749457280967.png

As you can see above, the Listener part of the SXP connection from the current neighborship to ISE becomes down.

From ISE perspective:

rezaalikhani_6-1749457409874.png

Now my question is, why creating the default route SGT drops SXP connection (at least from the Listening perspective)?

Thanks

 

 

 

Labels:
0 Helpful
0 Replies 0
Customers Also Viewed These Support Documents