Which option is required for inline security group tag propagation?
A. Cisco Secure Access Control System
B. hardware support
C. Security Group Tag Exchange Protocol (SXP) v4
D. Cisco Identity Services Engine
Which option is required for inline security group tag propagation?
A. Cisco Secure Access Control System
B. hardware support
C. Security Group Tag Exchange Protocol (SXP) v4
D. Cisco Identity Services Engine
Information About SGT Inline Tagging
Overview of SGT Inline Tagging
Each security group in a Cisco TrustSec domain is assigned a unique 16 bit tag called the Security Group Tag (SGT). The SGT is a single label indicating the privileges of the source within the entire network. It is in turn propagated between network hops allowing any intermediary devices (switches, routers) to enforce polices based on the identity tag.
Cisco TrustSec-capable devices have built-in hardware capabilities than can send and receive packets with SGT embedded in the MAC (L2) layer. This feature is called Layer 2(L2)-SGT Imposition. It allows Ethernet interfaces on the device to be enabled for L2-SGT imposition so that the device can insert an SGT in the packet to be carried to its next hop Ethernet neighbor. SGT-over-Ethernet is a method of hop-by-hop propagation of SGT embedded in clear-text (unencrypted) Ethernet packets. The inline identity propagation is scalable, provides near line-rate performance and avoids control plane overhead.