06-07-2023 04:17 AM
What is SGT in Cisco-ISE?
06-07-2023 04:30 AM
Hi
In simple words, an SGT would be a badge a device earns when it successfully authenticates on the network.
The ISE assigns an SGT according to the SGT matrix you create on the DNAC, and each device will have permissions according to its SGT.
You can create access lists based on the SGT and apply them to the switch, controlling the traffic using the SGT as identification.
06-07-2023 08:48 AM
SGT means Security Group Tag (original definition) or Scalable Group Tag (updated term which has not been universally used even within Cisco).
An SGT is appended to an Ethernet frame as an identifier to allow switches and routers to apply policy (such as an ACL) based on the tag rather than based on the traditional 5-tuple (protocol, source IP, source port, destination IP and destination port).
SGTs are technically appealing since they use far fewer hardware resources in the switches and routers. Generally the resource in short supply is TCAM (Tertiary Content Addressable Memory). When we adopt segmentation based on per-port/end device access control, we can quickly run out of available TCAM.
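To make the tag-versus-5-tuple comparison in the answers above concrete, here is an added example that is not part of any post in this thread: a simplified Python model that evaluates one policy by SGT pair and then expands the same policy into host-to-host permit entries. The SGT numbers, group names, IP addresses and function names are constructed for illustration, and the entry counts are a model of rule growth, not a measurement of TCAM use on any particular switch.

```python
from itertools import product

# Constructed sample data: endpoint IP -> SGT assigned at authentication.
IP_TO_SGT = {
    "10.1.1.11": 10, "10.1.1.12": 10, "10.1.1.13": 10,   # 10 = Employees
    "10.1.2.21": 20, "10.1.2.22": 20,                     # 20 = Printers
    "10.1.3.31": 30, "10.1.3.32": 30,                     # 30 = Servers
}
# Policy matrix: (source SGT, destination SGT) -> permitted (protocol, dst port).
# Any tag pair or service not listed is denied.
MATRIX = {
    (10, 30): {("tcp", 443), ("tcp", 22)},
    (10, 20): {("tcp", 9100)},
}

def sgt_permits(src_ip, dst_ip, proto, dport):
    """Tag-based decision: resolve both tags, then check one matrix cell."""
    pair = (IP_TO_SGT.get(src_ip), IP_TO_SGT.get(dst_ip))
    return (proto, dport) in MATRIX.get(pair, set())

def sgt_rule_count():
    """Entries needed when the policy is keyed on tags."""
    return sum(len(rules) for rules in MATRIX.values())

def expand_to_ip_aces():
    """The same policy as host-to-host permits (source port left as 'any')."""
    aces = set()
    for (s, d), rules in MATRIX.items():
        srcs = [ip for ip, tag in IP_TO_SGT.items() if tag == s]
        dsts = [ip for ip, tag in IP_TO_SGT.items() if tag == d]
        for sip, dip, (proto, port) in product(srcs, dsts, rules):
            aces.add((proto, sip, dip, port))
    return aces

def models_agree():
    """Both forms must return the same verdict for every flow we can name."""
    aces = expand_to_ip_aces()
    services = {svc for rules in MATRIX.values() for svc in rules} | {("tcp", 80)}
    return all(
        sgt_permits(s, d, proto, port) == ((proto, s, d, port) in aces)
        for s, d, (proto, port) in product(IP_TO_SGT, IP_TO_SGT, services)
    )

if __name__ == "__main__":
    print("tag-based entries:", sgt_rule_count())
    print("host-based entries:", len(expand_to_ip_aces()))
    print("same verdicts:", models_agree())
```

In this model, adding another employee endpoint adds host-based entries for every server and printer it may reach, while the tag-based rule count stays the same because only the IP-to-SGT binding changes.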