Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1468
Views
5
Helpful
1
Replies

TrustSec Notifications and Updates

REJR77
Level 1
Level 1

‎04-07-2021 10:03 AM

Hi,

We have 4 ISE (2 PAN/MNT) and 2 PSN and a DNA Center.

SGT are created on DNA center, which informs ISE and then ISE pushes them to the Switches.

All looks fine as we can see SGT on switches, but can't figure out the magic ....

 

I created a SGT on DNAC, and on ISE I use the Push option (top right of the Webui)

 

If I run a TCPDUMP on the PSN I see that the SGT list is learnt by the NAD

If I run a TCPDUMP on the PAN, I see a CoA from the PAN to the NAD with something like "update-cts-environment-data" (but no SGT list).=> what i the need for this?

 

Is there a dcumentation that explain the role of each component PSN/PAN in the SGT Notifications and updates.

 

Thanks

 

 

 

0 Helpful
1 Reply 1

Xividar
Level 1
Level 1

‎04-07-2021 10:11 AM

There are quite a few commands with CTS; three of the most useful are; in terms of the inner workings though - I haven't found a singe document that covers everything though.

 

show authentication sessions interface
show cts environmental-data
sh cts role-based sgt-map all
sh cts role-based permission

 

 

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents