08-12-2024 08:11 AM - edited 08-12-2024 08:11 AM
Hi,
Our FTD 3130 is currently connected to a Catalyst 9407 acting as SDA border node. The link between the Cat9407 and the FTD3130 is a trunk that allows the different VLANs for inter-VN traffic. After running packet captures on the FTD interface I see that the SGT source is "session_directory".
I noticed this after having traffic dropped since the SGT is not the valid one.
I have enabled the "SGT propagate" in the FTD interface and the configuration is:
interface Ethernet1/14.10
 vlan 10
 nameif corporate-bn2-vni
 cts manual
  propagate sgt preserve-untag
  policy static sgt disabled trusted
 security-level 0
 zone-member SDA-ECMP-Corporate
 ip address x.x.x.x x.x.x.x.x standby x.x.x.y
On the border nodes I've tested adding the commands below, but they don't work either.
cts manual
 propagate sgt
 policy static sgt 2 trusted
Any idea?
Thanks
08-13-2024 03:29 AM
Solved after applying the commands below in all the uplinks on the border nodes. I was missing some interfaces.
cts manual
 propagate sgt
 policy static sgt 2 trusted
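An added example, not part of the original posts: a Python check for the gap the solution describes, where some border-node uplinks lack the `cts manual` block. It assumes indented IOS-XE style config text and that the running-config omits `propagate sgt` when it is at its default, so only an explicit `no propagate sgt` is flagged; the interface names and sample config are constructed.

```python
import re

POLICY = "policy static sgt 2 trusted"  # command from the thread's fix

# Constructed sample config; interface names are placeholders.
SAMPLE = """\
interface Te1/0/1
 cts manual
  policy static sgt 2 trusted
!
interface Te1/0/2
 switchport mode trunk
!
interface Te1/0/3
 cts manual
  no propagate sgt
 switchport mode trunk
"""

def cts_blocks(config):
    """Map interface -> commands nested under its 'cts manual' (None if absent)."""
    blocks, name, base = {}, None, None
    for line in filter(str.strip, config.splitlines()):
        indent, cmd = len(line) - len(line.lstrip()), line.strip()
        m = re.match(r"interface\s+(\S+)", line)
        if m:
            name, base = m.group(1), None
            blocks[name] = None
        elif indent == 0:
            name = None  # "!" or another top-level command ends the block
        elif name and cmd == "cts manual":
            blocks[name], base = [], indent
        elif name and base is not None and indent > base:
            blocks[name].append(cmd)
        else:
            base = None  # indentation dropped back: left the cts manual sub-mode
    return blocks

def audit_uplinks(config, uplinks):
    """Return {interface: [issues]} for uplinks that deviate from the fix."""
    blocks, findings = cts_blocks(config), {}
    for name in uplinks:
        nested = blocks.get(name)
        if nested is None:
            findings[name] = ["missing: cts manual (or interface absent)"]
            continue
        issues = [] if POLICY in nested else ["missing: " + POLICY]
        if "no propagate sgt" in nested:
            issues.append("present: no propagate sgt")
        if issues:
            findings[name] = issues
    return findings
```

Pass the list of uplink interface names explicitly; the script does not try to guess which ports face the firewall.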