
Cisco ISE

abdullashaik898
Beginner

What is SGT in Cisco-ISE?

Accepted Solutions

Hi

In simple words, an SGT would be a badge a device earns when it successfully authenticates on the network.

The ISE assigns an SGT according to the SGT matrix you create on the DNAC, and each device will have permissions according to the SGT.

You can create an access list based on the SGT and apply the access list to the switch, controlling the traffic using the SGT as identification.

Marvin Rhoads
Hall of Fame

SGT means Security Group Tag (original definition) or Scalable Group Tag (updated term which has not been universally used even within Cisco).

An SGT is appended to an Ethernet frame as an identifier to allow switches and routers to apply policy (such as an ACL) based on the tag rather than based on the traditional 5-tuple (protocol, source IP, source port, destination IP and destination port).

SGTs are technically appealing since they use much fewer hardware resources in the switches and routers. Generally the resource in short supply is TCAM (Tertiary Content Addressable Memory). When we adopt segmentation based on per-port/end device access control, we can quickly run out of available TCAM.
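
An added illustration of the replies above (not part of the original thread and not Cisco code): a simplified Python model that enforces the same policy once by tag pair and once by per-host address entries, to show why the tag-based table stays small as endpoints are added. The IP addresses, SGT values and policy matrix are constructed sample data, and the model ignores how a real switch programs its hardware tables.

```python
from itertools import product

# Constructed sample data: endpoint IP -> SGT assigned at authentication.
SGT_OF = {
    "10.1.10.11": 10,  # employees
    "10.1.10.12": 10,
    "10.1.20.21": 20,  # contractors
    "10.1.30.5": 30,   # servers
    "10.1.30.6": 30,
}

# Constructed policy matrix: (source SGT, destination SGT) -> permitted services.
# Any cell or service not listed is denied.
MATRIX = {
    (10, 30): [("tcp", 443), ("tcp", 22)],
    (20, 30): [("tcp", 443)],
}

def sgt_decision(src_ip, dst_ip, proto, dport):
    """Tag-based enforcement: addresses are only used to find the two tags."""
    cell = MATRIX.get((SGT_OF[src_ip], SGT_OF[dst_ip]), [])
    return "permit" if (proto, dport) in cell else "deny"

def tag_entry_count():
    """Entries needed when policy is keyed on tag pairs."""
    return sum(len(services) for services in MATRIX.values())

def expand_to_ip_acl():
    """Same policy as address-based entries: one per src host x dst host x service."""
    aces = set()
    for (s_tag, d_tag), services in MATRIX.items():
        srcs = [ip for ip, tag in SGT_OF.items() if tag == s_tag]
        dsts = [ip for ip, tag in SGT_OF.items() if tag == d_tag]
        for src, dst, (proto, port) in product(srcs, dsts, services):
            aces.add((proto, src, dst, port))
    return aces

def ip_acl_decision(aces, src_ip, dst_ip, proto, dport):
    """Address-based enforcement against the expanded entry set."""
    return "permit" if (proto, src_ip, dst_ip, dport) in aces else "deny"

if __name__ == "__main__":
    print("tag-based entries:", tag_entry_count())
    print("address-based entries:", len(expand_to_ip_acl()))
    print("contractor -> server ssh:",
          sgt_decision("10.1.20.21", "10.1.30.5", "tcp", 22))
```

Both tables give the same permit/deny result for every flow between the sample endpoints; only the address-based one grows when another host joins an existing group.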
