cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
688
Views
0
Helpful
1
Replies

SGT limitation in 3750X

Antonio Macia
Level 3
Level 3

Hello,

 

Per the Trustsec documentation here, there is a restriction in the 3750X and SGT:

 

"Cisco TrustSec enforcement is supported on only eight or fewer VLANs on a VLAN-trunk link. If more than eight VLANs are configured on a VLAN-trunk link and Cisco TrustSec enforcement is enabled on those VLANs, the switch ports on those VLAN-trunk links will be errordisabled"

 

So, I pressume that if I enable intra-vlan enforcement for more than 8 x VLANs spanning among different switches the trunk will go to errordisable, right? Anybody experimented this?

 

Regards.

1 Accepted Solution

Accepted Solutions

jeaves@cisco.com
Cisco Employee
Cisco Employee

Hi,

yes, if you have a trunk between 2 3750x switches and you're enforcing on those VLAN's (to provide intra-VLAN enforcement), then you can only have up to 8 VLANs on that trunk otherwise you'll see err-disable.

Bear in mind that there is another limitation in that you can only have 1 SGT per VLAN per Port when enforcing on this platform. So you can have a PC behind a phone on a port because they will be on different VLAN's but you cannot have multi-auth with 2 PC's being assigned different SGT's.

View solution in original post

1 Reply 1

jeaves@cisco.com
Cisco Employee
Cisco Employee

Hi,

yes, if you have a trunk between 2 3750x switches and you're enforcing on those VLAN's (to provide intra-VLAN enforcement), then you can only have up to 8 VLANs on that trunk otherwise you'll see err-disable.

Bear in mind that there is another limitation in that you can only have 1 SGT per VLAN per Port when enforcing on this platform. So you can have a PC behind a phone on a port because they will be on different VLAN's but you cannot have multi-auth with 2 PC's being assigned different SGT's.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: