Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
333
Views
1
Helpful
1
Replies

In SDA-ACI integration, how IP-to-SGT mappings are synchronized?

muthumohan
Level 1
Level 1

‎04-01-2023 10:48 PM

Hello All, I am trying to understand SDA ACI integration. I now fully (well, mostly) understand how the integration works by exchanging Security Groups and EPGs between ISE and APIC, via REST API.

My question is, how the IP-to-SGT mappings (or IP-to-IEGP mappings on ACI) are exchanged between ISE and APCI. Do they use the REST API or SXP to communicate these mappings between them? If yes, where do you configure/enable SXP on the APIC? In this case they will both be SXP SPEAKER and LISTENER, right?

My guess is SXP, because the purpose of SXP is to exactly do that. But Cisco Documentation does not clearly say that SXP is used for this. So, just wanted to get this cleared.

I understand the rest of the concepts involved in the integration and how the policies are enforced between the two domains.

Thanks in Advance.

Mohan

Labels:
0 Helpful
1 Reply 1

andy!doesnt!like!uucp
Spotlight
Spotlight

‎04-03-2023 12:02 AM - edited ‎04-03-2023 05:04 AM

hi

take a look here:
How to Configure ACI ISE TrustSec Integration (Part 1) (labminutes.com)

UPD. also be aware of ISE<>ACI integration restriction represented by ability to interoperate on single Tenant/L3Out only between ISE & ACI

Customers Also Viewed These Support Documents