View Cart
0 Items | Total: US$0.00
Welcome,      Register

You are here

RS0033 - Nexus 1000V Cisco TrustSec with ASA 9.1

Average: 5 (3 votes)
Difficulty Level: 
Lab Document: 
<Please login to see the content>

The video looks into Cisco TrustSec feature on Cisco Nexus 1000V. We will configure port-profiles to assign SGT to hosts, and have SGT-to-IP mapping sent to an ASA firewall over a SXP connection for policy enforcement. We will see how we can construct an ACL on the ASA to permit or deny traffic based on SGT value using a object-group-security. 

  • As of version 4.2.1.SV2, Nexus 1000V
    • cannot enforce access policy with SGT (SGACL)
    • cannot insert SGT into packet
    • does not support dynamic SGT assignment from a policy server (eg. ISE)
  • Advanced license is required for Cisco TrustSec feature
Topic includes
  • Cisco TrustSec on Nexus 1000V
  • Security Group ACL (SGACL)
  • Security Group Tag (SGT)
  • SGT-to-Name Mapping
  • Cisco TrustSec support on ASA 9.1
  • SXP Config on a Switch and ASA
  • Security object Group

About Author

Metha Cheiwanichakorn, CCIE#23585 (RS, Sec, SP), is a Cisco networking enthusiast with years of experience in the industry. He is currently working as a consulting engineer for a Cisco partner. As a founder of and an instructor at, Metha enjoys learning and challenges himself with new Cisco technologies.