Cisco Community
English
Register
Great changes are coming to Cisco Community in July. LEARN MORE
Register
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

1571
Views
10
Helpful
2
Replies
paul
Advocate
Advocate
‎08-03-2021 06:42 AM
‎08-03-2021 06:42 AM

SGT Binding Priority (Interface vs. ISE assigned)

Question on SGT Binding Source Priority. If I statically assign an SGT to a port, but then assign a SGT via ISE how is that resolved. The example would be I want to statically assign to a port but override the static assignment for the phone that may or may not be plugged into that port. I believe static port SGT and ISE assigned SGT fall into the LOCAL category of the SGT Binding Source Priority.

0 Helpful
1 ACCEPTED SOLUTION

Accepted Solutions
paul
Advocate
Advocate
In response to Greg Gibbs
‎08-05-2021 08:31 AM
‎08-05-2021 08:31 AM

Greg,

 

It works if you use IBNS 2.0 configs:

 


service-templat APPLY-SGT-100
sgt 100
service-templat APPLY-SGT-200
sgt 200
!
policy-map type control subscriber ISE_AUTH_SGT_100
event authentication-success match-all
10 class always do-until-failure
10 activate service-template APPLY-SGT-100
policy-map type control subscriber ISE_AUTH_SGT_200
event authentication-success match-all
10 class always do-until-failure
10 activate service-template APPLY-SGT-200
!
interface gig 1/0/1
service-policy type control subscriber ISE_AUTH_100
interface gig 1/0/2
service-policy type control subscriber ISE_AUTH_200

 

ISE will override those settings if you apply SGT tag in ISE.

View solution in original post

2 REPLIES 2
Greg Gibbs
Cisco Employee
Cisco Employee