06-06-2016 05:41 AM - edited 03-10-2019 11:50 PM
Hello,
I'm currently setting up a lab / PoC environment for one of my customers around TrustSec and SGACL.
The topology is pretty simple as the lab is composed of an access switch (2960-X) and a distribution switch (3750-X), connected to the customer's LAN.
The versions running on both devices are the following:
- C2960-X: 15.2(2) E2
- C3750-X: 15.2(4)E1
The aim of the PoC is also quite basic, as I want to restrict access from the PoC environment to the corporate network, by using SGT and SGACL filtering on the PoC distribution switch.
According to my investigation, the 3750-X is aware of the tags assigned to the Guest PC (dynamically via an ISE policy) and to a server in the customer's datacenter (statically assigned via a mapping in the ISE console). It is also aware of the SGACLs, according to the TrustSec policy matrix configured in the ISE console.
Despite that, no traffic seems to be blocked by my policies, as I can still launch an RDP session from my Guest PC to my corporate server.
Could anybody have a look at my configs and outputs, and maybe give me some input to identify whether I missed something in the configuration, or even in the way it should work?
Thanks and Regards.
A.
11-24-2016 01:50 PM
Hi,
Did you manage to get this resolved? I am having a similar issue in my lab where the SGACLs seem to be ignored within the matrix but the default rule is being hit. I know this to be true as I have configured an SGACL to deny ICMP and permit the rest of the traffic. I have tested by changing this rule multiple times.
It looks to me like my tags are not being honoured within my network but I'm not sure why.
Cheers
Ant
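The following is an added example, not configuration posted by either A. or Ant above and not a Cisco-supplied answer to this thread. It shows the IOS-XE/IOS commands that turn SGACL enforcement on and the show commands used to confirm that bindings, policy and hit counters are actually present on the enforcing switch, which is the first thing to check in both situations described above (policy downloaded but nothing blocked, or only the default cell being hit). The VLAN IDs are assumed values; replace them with the VLANs the Guest PC and the server-facing uplink sit in.

```ios
! ---- Enforcement must be switched on explicitly ----
! Downloading the matrix from ISE does not apply it. Without the global
! command the switch never evaluates SGACLs; without the vlan-list the
! SGACLs are held in memory but no VLAN is subject to them.
cts role-based enforcement
cts role-based enforcement vlan-list 10,20      ! assumed: 10 = Guest PC VLAN, 20 = uplink VLAN

! ---- Verification, to be run on the switch that should be dropping the traffic ----
! 1. Both the source (Guest PC) and destination (server) IP-to-SGT bindings
!    must be present here. A missing destination binding means the packet is
!    classified with the unknown SGT and only the default cell applies.
show cts role-based sgt-map all

! 2. The source-SGT/destination-SGT cell you expect should be listed with
!    the named SGACL, not only the default (unknown-unknown) permission.
show cts role-based permissions

! 3. Generate the RDP/ICMP test traffic, then check that the counters for
!    that cell move. Counters that stay at zero while traffic flows mean the
!    packets are not being matched to that cell at all (wrong binding,
!    enforcement not on that VLAN, or traffic not crossing this switch).
show cts role-based counters

! 4. PAC / environment-data status; a stale or failed download explains a
!    switch that "knows" the tags but holds an outdated matrix.
show cts environment-data
show cts pacs

! Force a fresh download after changing the matrix in ISE.
cts refresh environment-data
cts refresh policy
```

One caveat worth keeping in mind when reading the counters: SGACLs are evaluated on egress against the destination SGT, so the switch that must hold the binding for the server (the static mapping created in ISE) is the one the server-bound traffic leaves through. If that binding only exists on another device, the enforcing switch classifies the server as unknown and the named cell is never consulted.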
11-28-2016 02:55 AM
Hi,
Unfortunately, I have no feedback yet that might help.
However, I am still in touch with Cisco TAC in parallel, so I hope I'll be able to get back to you with some answers.
Regards
06-27-2018 08:55 PM
It's been a while, but did you ever get this fixed?