Home » Cisco » 300-208 » Which two classifications can the tags be mapped to?
A security engineer has a new TrustSec project and must create a few static security group tag classifications as a proof of concept.
Which two classifications can the tags be mapped to? (Choose two.)
A. VLAN
B. user ID
C. interface
D. switch ID
E. MAC address
Correct Answer: AC
Explanation/Reference:
In static classification the tag maps to some thing (an IP, subnet, VLAN, or interface) rather than relying on an authorization from the Cisco ISE.
This process of assigning the SGT is defined as “classification.” These classifications are thentransported deeper into the network for policy enforcement
Correct answer is A, C
While there are other applications, static classification is generally used to define the SGTs for servers in the data center. Static classification is generally defined on the switch to which the server is directly attached. Options for static assignment depend on the network device platform and software version. Options can include mapping individual IP addresses, subnets, VLANs, layer 2 interfaces or layer 3 interfaces to an SGT.