Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
468
Views
0
Helpful
1
Replies

Trustsec SGT inline Propagation

dporod
Level 1
Level 1

‎01-05-2023 11:02 AM

I have an SDA lab with a 9300 (Border/Control) connected to a 4331 ISR (Fusion) via a trunk port. I am trying to get the SGT tagging from the 9300 to propagate over the trunk link to the 4331. I try using the "cts manual" configuration on gi0/1/0 of the ISR but this takes the link protocol down.

 

Any help appreciated

Labels:
0 Helpful
1 Reply 1

marce1000
VIP
VIP

‎01-06-2023 12:16 AM

 

 Make sure that the following requirements are met:

  1. Both devices must support SGT tagging and be running a version of the software that supports this feature.
  2. The trunk link must be configured to allow the SGT tag to be passed through. This can usually be done by using the "switchport trunk allowed vlan" command on both sides of the trunk and specifying the SGT VLAN as one of the allowed VLANs.
  3. The SGT tag must be applied to the traffic on the Cisco 9300. This can typically be done using the "sgt" command in the appropriate interface configuration mode.

If these requirements are met and you are still having issues, it may be helpful to verify the trunk configuration and check for any errors or misconfigurations. You can also try using the "debug" command to see if it provides any additional information about the problem.

 M.



-- ' 'Good body every evening' ' this sentence was once spotted on a logo at the entrance of a Weight Watchers Club !
0 Helpful
Customers Also Viewed These Support Documents