Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1627
Views
0
Helpful
1
Replies

Question about - Trustsec - SGT - SXP

Thomas Mikkelsen
Level 1
Level 1

‎03-02-2016 03:03 PM - edited ‎02-20-2020 09:44 PM

Hi

I have a question regarding TrustSec. More specific about SGT.

As far as I understand older switches like a 2960G does not support SGT or SXP.

What happens to the SGT when the 2960G receives the packet? Will it discard the packet or just the SGT? Or something else? 

Best regards 

Thomas - Denmark

Labels:
0 Helpful
1 Reply 1

Marvin Rhoads
Hall of Fame
Hall of Fame

‎03-05-2016 09:12 AM

It would drop it.

See slide 34 of Cisco Live presentation LTRSEC-2016 The Essentials of Cisco TrustSec (2016 Berlin) for example where it says: "Non-capable device drops frame with unknown Ethertype".

The design to work around this limitation is to use SXP to span non-Trustsec regions. See the guide here where it is explained in some detail:  http://www.cisco.com/c/en/us/td/docs/switches/lan/trustsec/configuration/guide/trustsec/arch_over.html#pgfId-1054655

However the 2960G specifically was end of sales almost 4 years ago and does not support an IOS with SXP capability. So the SXP termination would need to be upstream in your network. The newer 2960 models support SXP with IOS 15.0(2)SE or later. (15.2(2) recommended)

0 Helpful
Customers Also Viewed These Support Documents