cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
233
Views
0
Helpful
1
Replies

Cisco trustsec ASA sub-interface

Chi Fai Leung
Level 1
Level 1

Tested the Trustsec on ASA, that could not apply when the ASA defined the sub-interface to connect the PortChannel of Switch? Anyone tested and got the same of result?

1 Reply 1

Ryan Wolfe
Level 5
Level 5

Hello,

Are you referring to applying inline tagging on an ASA subinterface?

If so, I do not believe inline SGT tagging is supported on logical interfaces (such as sub-interfaces).

This documentation seems to support this: https://www.cisco.com/c/en/us/td/docs/security/asa/asa93/configuration/general/asa-general-cli/aaa-trustsec.html#93713

Please look under the Layer 2 Imposition section:

Layer 2 SGT Imposition

  • Supported only on physical interfaces, VLAN interfaces, port channel interfaces, and redundant interfaces.
  • Not supported on logical interfaces or virtual interfaces, such as BVI.

HTH, 

Ryan

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: