Trustsec manual propagation between FTD 2120 and Catalyst 2960X

Hi everyone, 

Please may you assist me on how I would propagate SGTs between my FTD 2120 and Catalyst 2960X in the segment I highlighted in the attached snippet. The 2960X switch is classifying the traffic and the FTD 2120 should be enforcing the SGT policy. The challenge in propagation is that the 2960X supports SXP and does not support in-line tagging, and the FTD supports in-line tagging and pxGrid and does not support SXP.

 

Regards,

Jay

 

Accepted Solutions
VIP Advisor

Re: Trustsec manual propagation between FTD 2120 and Catalyst 2960X

Hi,
A couple of options that I can think of:-

Are you using ISE to classify and assign SGTs to the connected users on the 2960X switch? If so you can propagate these to the FTD using pxGrid.

Swap out the 2960X for a switch that does support inline tagging.

Alternatively put an ISR/ASR router between the 2960X and the FTD, peer the 2960X with the router to distribute the SGT bindings and then in-line tag from the router to the FTD.

HTH

Beginner

Re: Trustsec manual propagation between FTD 2120 and Catalyst 2960X

Hi,

Sorry for the delay. My environment does not have ISE at the moment so I used your second suggestion "Alternatively put an ISR/ASR router between the 2960X and the FTD, peer the 2960X with the router to distribute the SGT bindings and then in-line tag from the router to the FTD" and everything worked out fine.

Thanks a lot
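
The router-in-the-middle option from the accepted answer, sketched as an added IOS configuration example (not posted by either participant in this thread). The addresses, interface name, SGT value and shared-secret placeholder are constructed for illustration, and the FTD side is not shown.

```cisco
! --- Catalyst 2960X: SXP speaker (sends its IP-to-SGT bindings) ---
cts sxp enable
cts sxp default password <SXP-SHARED-SECRET>
cts sxp connection peer 192.0.2.2 source 192.0.2.1 password default mode local speaker
!
! --- ISR/ASR router: SXP listener (learns the bindings from the switch) ---
cts sxp enable
cts sxp default password <SXP-SHARED-SECRET>
cts sxp connection peer 192.0.2.1 source 192.0.2.2 password default mode local listener
!
! --- ISR/ASR router: inline tagging on the link facing the FTD ---
interface GigabitEthernet0/0/1
 cts manual
  ! Constructed example value; "trusted" accepts the SGT carried in
  ! tagged frames received on this link instead of overwriting it
  policy static sgt 2 trusted
!
! --- Checks ---
! On both peers:  show cts sxp connections   (connection state should be On)
! On the router:  show cts sxp sgt-map       (bindings learned from the 2960X)
! On the router:  show cts interface GigabitEthernet0/0/1
```

Using `password default` on both peers authenticates the SXP TCP session with the shared secret, so the router does not accept bindings from an unauthenticated speaker.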