TrustSec SGT tagging for statically assigned hosts

AIN UL BADAR
Level 4

Hello,

I'm in the middle of a deployment where I have some servers, which are assigned static IP addresses. Since "ip device-tracking or DHCP Snooping" can't work on these ports/hosts, how can I restrict traffic to these servers using SGTs/SGACLs? What are my options?

Appreciate your help.

Thanks

 

1 Reply 1

Hi,
What hardware do you have? These devices will need to support TrustSec enforcement, which will allow you to use SGACL (switches/routers) or SG Firewall (ASA or FTD). Refer to the TrustSec matrix here, to determine if your hardware supports enforcement.

 

I assume you are using ISE? If so you could deploy IP/SGT Static bindings using SXP to send the bindings of the servers to the switch/router/firewall acting as the enforcement point.

 

HTH
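
An added configuration sketch of the approach in the reply above, not taken from the original thread: it assumes a Catalyst switch running IOS/IOS-XE as the enforcement point, already registered with ISE as a TrustSec device so it can download SGACL policy. It goes slightly beyond the reply by also showing a locally defined binding; every address, the SGT value, the VLAN and the password are constructed placeholders.

```ios
! Assumption: Catalyst IOS/IOS-XE switch acting as the SGACL enforcement point.
! 192.0.2.1     = this switch (SXP source)      - placeholder
! 192.0.2.10    = ISE node acting as SXP speaker - placeholder
! 198.51.100.20 = statically addressed server    - placeholder
! SGT 20 / VLAN 100 / password                   - placeholders
!
! Option A: receive the server IP-to-SGT bindings from ISE over SXP.
! The bindings themselves are defined on ISE as static IP-SGT mappings;
! the switch is the SXP listener.
cts sxp enable
cts sxp default source-ip 192.0.2.1
cts sxp default password EXAMPLE-SXP-KEY
cts sxp connection peer 192.0.2.10 password default mode local listener
!
! Option B: define the binding directly on the enforcement switch
! (no SXP needed for this host, but it has to be maintained per device).
cts role-based sgt-map 198.51.100.20 sgt 20
!
! Turn on SGACL enforcement, globally for routed ports and for the server VLAN.
cts role-based enforcement
cts role-based enforcement vlan-list 100
!
! Checks to run from exec mode once the configuration is in place:
!   show cts sxp connections brief      -> SXP session to ISE should be "On"
!   show cts role-based sgt-map all     -> server IP listed with SGT 20,
!                                          source SXP (A) or CLI (B)
!   show cts role-based permissions     -> SGACLs downloaded for that SGT
!   show cts role-based counters        -> permit/deny hits per SGT pair
```

Without the last two steps the binding is learned but nothing is filtered: enforcement has to be enabled on the device facing the servers, and the egress policy for the server SGT has to exist in the ISE TrustSec matrix.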