SEC0220 - ISE 2.0 TrustSec - SXP (Part 2)
Category:
Security
The video demonstrates the SXP capability of Cisco ISE 2.0 to relay SGTs between SXP-capable network devices. We use the WLC as the SXP speaker, with the ASA and the switch acting as listeners and enforcers. The switch has the SGACL implemented in the previous video, and the ASA will leverage SGTs in its ACL. We also look at Static SXP Mapping.
Part 2 of this video covers SGT assignment on WLC, SGACL, and Static SXP Mapping.
Topic:
- SGT Exchange Protocol (SXP)
- SXP Speaker and Listener
- SGT Assignment on WLC
- Static SXP Mapping
- ACL with SGT on ASA
4 comments
How to push the SGTACL to the switch?
Hi Author,
The switch is the SGTACL enforcement point here. Is establishing SXP alone enough for ISE to push the SGTACL to the switch? Do you need to configure ISE as the AAA server for the switch?
TKS!
How to push the SGTACL to the switch?
You do, as the device needs to authenticate with ISE before it can receive config.
Why not source SGT for reverse traffic?
Hello Author,
Why, at 08:16, do we not see the source SGT for the reverse (answer) traffic from server to employee? As far as I know, the servers were manually tagged and not by SXP, so it should point, shouldn't it?
Why not source SGT for reverse traffic?
You are right, but that's just how the switch NetFlow displays it. It may also vary by IOS version.