SGT TrustSec Implementation for Wifi Clients

waheedullah Bahaduri · ‎01-12-2015

Hello Experts,

I am in ordering process of new equipments for a project where we need Wireless-PCs connected to Cisco-APs---->Cisco WLC--->Cisco Switch-->>FW Gateway

We also have Cisco ISE for AAA, and SGT assignment

My question is: To be able to assign/classify SGT for wireless-pcs and to further propagate the SGTs to the peer Switch and FW. what exact WLC series I should get ? I have chosen Cisco WLC-2500, is that a correct ITEM ?

Can you please also give me alittle details what really (Inline-SGT-Tagging) means. WLC-2500 does not support that feature, is that really needed for this project implementation ??

Thanks for advices

Waheed

mohanak · ‎01-21-2015

No it won't support Inline SGT tagging

Cisco TrustSec Platform Support Matrix

System Component

Platform

Solution Minimum Version

Solution-Level Validated Version

Security Group Tag (SGT) Classification

SGT Exchange Protocol (SXP) Support and Version

Inline SGT Tagging

SGT Enforcement

Cisco Wireless Controllers	Cisco 5500 Series and 2500 Series; Cisco Wireless Services Module 2 (WiSM2); and Cisco Wireless LAN Controller Module for Integrated Services Routers G2 (WLCM2) (WLC 7500, 8500 and vWLC do not support Cisco TrustSec)	Cisco AireOS 7.4	Cisco AireOS 7.5.102	Dynamic	S v2	No	No
Cisco Wireless Controllers

http://www.cisco.com/c/en/us/solutions/enterprise-networks/trustsec/trustsec_matrix.html

Imran Ahmad · ‎01-21-2015

Hi Mohanak

Can I use WLC-2500 to classify Wireless clients packets and further propagate it to my Cisco Switch using SXP protocol ?

In the Metrix- it is written that WLC-2500 support Dynamic SGT Classification . please let me know what it means ?

Thanks,

Waheed