Solved: Cisco ISE

abdullashaik898 · ‎06-07-2023

What is SGT in Cisco-ISE ?

Flavio Miranda · ‎06-07-2023

Hi

In simple words SGT would be a badge a device earn when successfully authenticate on the network

The ISE assign a SGT according to the SGT matrix you create on the DNAC and each device will have permission according to the SGT.

You can create access-list based on the SGT and apply the Access-list to switch controlling the traffic using SGT as identification.

View solution in original post

Flavio Miranda · ‎06-07-2023

Hi

In simple words SGT would be a badge a device earn when successfully authenticate on the network

The ISE assign a SGT according to the SGT matrix you create on the DNAC and each device will have permission according to the SGT.

You can create access-list based on the SGT and apply the Access-list to switch controlling the traffic using SGT as identification.

Marvin Rhoads · ‎06-07-2023

SGT means Security Group Tag (original definition) or Scalable Group Tag (updated term which has not been universally used even within Cisco).

An SGT is appended to an Ethernet frame as an identified to allow switches and routers to apply policy (such as an ACL) based on the tag rather than based on the traditional 5-tuple (protocol, source IP, source port, destination IP and destination port).

SGTs are technically appealing since they use much fewer hardware resources in the switches and routers. Generally the resource in short supply is TCAM (Tertiary Content Addressable Memory). When we adopt segmentation based on per-port/end device access control, we can quickly run out of available TCAM.