11-21-2017 06:58 AM - edited 03-11-2019 01:11 AM
Grateful if someone could clarify TrustSec enforcement support on ISR G2. As per the recently updated platform compatibility matrix 6.3, the routers show SGFW enforcement support only, but other routers such as CSR1000v, 4K and some ASR show support for SGACL and SGFW. I notice the SGACL support has been added in the recent Denali or Everest XE releases. Does anyone know if there are plans to add dynamic SGACL download from ISE support for ISR G2, or if the functionality is already available? I am awaiting a change window to test but grateful for any input ahead of this.
I note there is also a change in license requirements between matrix versions 6.2 and 6.3. Enforcement was previously marked as a SEC license feature, but the recent bulletin shows SGACL can now be used under the IP Base/Services license.
Thanks for any responses in advance
Scott
11-22-2017 04:11 AM
I managed to find a router to test this with. Running the latest available IOS from Cisco, 15.7(3), with the security technology package enabled, the enforcement command is not available.
(config)#cts role-based ?
  sgt-caching  Enable SGT caching
  sgt-map      Assign Security Group Tag (SGT) to IP host or network address
I will proceed with the license upgrade to enable the zone-based firewall, but it would be useful to know if there are plans to enable SGACL enforcement on the 29XX and 39XX routers to ensure standard deployment in our environment.
Regards
Scott