Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3634
Views
0
Helpful
1
Replies

SGT-IP enforcement on a Cisco switch with a device authenticated on an Aruba WLC

jpujol
Cisco Employee
Cisco Employee

‎05-18-2018 09:09 AM - edited ‎03-11-2019 01:37 AM

Hi team,

Would anyone able to confirm / invalidate the possible trustsec integration between an Aruba WLC and a Cisco switch, if ISE publishes the SGT-IP mapping to the switch thru SXP ?

expected scenario :

- device gets authenticated on the Aruba WLC thru ISE (dot1x + cert or user credentials)

- Aruba WLC sends the device IP address to ISE via radius accounting

- ISE is able to enter the SGT-IP mapping in its local store

- ISE publishes the SGT-IP entry to Cisco switches via SXP

Screen Shot 2018-05-18 at 18.06.12.png

Have you ever seen this in action ?

Thanks for any feedback,

Rgds,

Jean-Francois

Labels:
0 Helpful
1 Reply 1

hslai
Cisco Employee
Cisco Employee

‎05-19-2018 08:17 AM

Affirmative.

ISE 2.0+ Support for SXP is there for a use case like you described.

0 Helpful
Customers Also Viewed These Support Documents