Solved: Subnet to SGT mapping on ISE

Antonio Macia · ‎05-23-2022

Hi,

Although I can statically map a subnet to an SGT on the "IP SGT Static Mapping" section on ISE, this is not been advertised via SXP to the devices, only /32 IPs are advertised. It is not possible to publish /24 subnets?

Regards,

andrewswanson · ‎05-23-2022

What version of SXP are you using? Cisco documentation states:

SXP Version 3
Adds support for Subnet-SGT binding propagation. If speaking to a lower version then the subnet will be expanded to individual IP-SGT entries.

N.B. Subnet expansion needs to be enabled by the use of "cts sxp mapping network-map x" where x is the maximum number of host expansions and x=0 means no expansion

hth
Andy

View solution in original post

andrewswanson · ‎05-23-2022

What version of SXP are you using? Cisco documentation states:

SXP Version 3
Adds support for Subnet-SGT binding propagation. If speaking to a lower version then the subnet will be expanded to individual IP-SGT entries.

N.B. Subnet expansion needs to be enabled by the use of "cts sxp mapping network-map x" where x is the maximum number of host expansions and x=0 means no expansion

hth
Andy

Antonio Macia · ‎05-24-2022

Thx @andrewswanson, you're right. I confirmed with a Cat9300 that subnets are advertised running SXP ver 4.

I first tried with an old ASA version compatible with version 2 only .