Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3035
Views
5
Helpful
5
Replies

Platform matrix - TrustSec Monitor Mode

Go to solution
Greg Gibbs
Cisco Employee
Cisco Employee

‎07-05-2018 03:10 PM - edited ‎03-11-2019 01:44 AM

Hi team,

Do we have a definitive list somewhere that shows what hardware platforms support aspects of TrustSec Monitor Mode (Monitor All pushed from ISE, SGACL monitoring on the switch)?

Neither the Platform Capability Matrices nor the System Bulletins seem to have this info.

I need to determine what support the Cat4500-X has for CTS Monitor Mode.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
jeaves@cisco.com
Cisco Employee
Cisco Employee
In response to Greg Gibbs

‎07-06-2018 01:21 AM

Hi Greg,

SGACL Monitor Mode is unfortunately not supported in any release on cat4K.

The 6500 Sup2T supports it from 15.1(1)SY1.

The N7k F2/F2e/F3 supports it from 7.3(0)D1(1).

The ISR4k, ASR1k and CSR support it from 16.4.1.

The 3850/3650 support it from 16.3.1

The Cat9k products support it from 16.5.1a

Regards, Jonothan.

View solution in original post

0 Helpful
5 Replies 5

Go to solution
Damien Miller
VIP Alumni
VIP Alumni

‎07-05-2018 05:21 PM

Hello Gregory,

You can find a detailed list of supported platforms and minimum/tested IOS versions in the TrustSec Matrix. The TrustSec BU keeps this document up to date and should be the go to reference. 

https://www.cisco.com/c/dam/en/us/solutions/collateral/enterprise-networks/trustsec/software-platform-capability-matrix.…

You will find that the 4500X is fully compatible, it is listed on page 2. Monitor mode, low impact, or closed would all be supported.

The 4500 Chassis's have different levels of support.  Sup8E being fully compatible, Sup7/6 partial support etc.  You will find all of it in there.  With the 4500 Chassis's you will still require compatible line cards.


TrustSec supported line cards on the 4500's from the document linked: WS-X4712-SFP+E, WS-X4712- SFP-E, WS-X4748-UPOE+E, WS-X4748-RJ45V+E, WS-X4748-RJ45- E, WS-X4724-SFP-E, WS-X4748-SFP-E, and WS-X4748-12X48U+E.

Go to solution
Greg Gibbs
Cisco Employee
Cisco Employee
In response to Damien Miller

‎07-05-2018 05:37 PM

Thanks Damien, but this does not answer the question I posed.

To be clear, TrustSec CTS Monitor Mode does not specifically relate to (and should not be confused with) ISE Monitor Mode, Low Impact Mode, or Closed Mode. CTS Monitor Mode is more a capability of the switch being able to show SGACL hits without actually enforcing the SGACL Policy. As I mentioned in my question, neither the System Bulletin nor Platform Matrices provides this detail.

Also, the 4500-X is a fixed port platform so the Sup and line cards are not relevant.

darrimil faylee, any comments on this?

0 Helpful

Go to solution
jeaves@cisco.com
Cisco Employee
Cisco Employee
In response to Greg Gibbs

‎07-06-2018 01:21 AM

Hi Greg,

SGACL Monitor Mode is unfortunately not supported in any release on cat4K.

The 6500 Sup2T supports it from 15.1(1)SY1.

The N7k F2/F2e/F3 supports it from 7.3(0)D1(1).

The ISR4k, ASR1k and CSR support it from 16.4.1.

The 3850/3650 support it from 16.3.1

The Cat9k products support it from 16.5.1a

Regards, Jonothan.

0 Helpful

Go to solution
Greg Gibbs
Cisco Employee
Cisco Employee
In response to jeaves@cisco.com

‎07-06-2018 01:47 AM

Thanks Jonothan!

Can we please look at getting this added to the platform matrix in future?

Thanks,

Greg

0 Helpful

Go to solution
jeaves@cisco.com
Cisco Employee
Cisco Employee
In response to Greg Gibbs

‎07-06-2018 02:01 AM

Yep, already started the ball rolling.

Regards, Jonothan

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents