View Cart
0 Items | Total: US$0.00
Welcome,      Register

You are here

SEC0220 - ISE 2.0 TrustSec - SXP (Part 2)

Rating: 
5
Average: 5 (1 vote)
Difficulty Level: 
0
Lab Document: 
<Please login to see the content>
The video demonstrates SXP capability on Cisco ISE 2.0 to relay SGT between SXP-capable network devices. We will use WLC as SXP speaker, while ASA and switch as listeners and enforcers. The switch has SGACL implemented from the previous video and the ASA will leverage SGT in its ACL. We will also look at Static SXP Mapping.
 
Part 2 of this video covers SGT assignment on WLC, SGACL, and Static SXP Mapping
 
Topic:
  • SGT Exchange Protocol (SXP)
  • SXP Speaker and Listener
  • SGT Assignment on WLC
  • Static SXP Mapping
  • ACL with SGT on ASA

About Author

Metha Chiewanichakorn, CCIE#23585 (Ent. Infra, Sec, SP), is a Cisco networking enthusiast with years of experience in the industry. He is currently working as a consulting engineer for a Cisco partner. As a founder of and an instructor at labminutes.com, Metha enjoys learning and challenges himself with new technologies.

4 comments

Hi Author,
Switch do SGTACL enforcement point here, only need to establish SXP can push with ISE SGTACL to switch?Whether you need to ISE as AAA server configuration for switch?
TKS!

You do as device need to authenticate with ISE before it can receive config

Hello Author,
Why in 08:16 for reverse(asnwer) traffic from server to employee we do not see source SGT? As i know servers were manually tagged and not SXP so that it should point, shouldn`t it?

You are right but that's just how the switch Netflow displays it. It also may vary on IOS version.

Poll

Vote for the Next Video Series