Custom SGT Conditions
If you do not configure Cisco ISE as an identity source, you can control traffic using Security Group Tags (SGTs) that were not assigned by ISE. SGTs specify the privileges of traffic sources within a trusted network.
If you do not configure ISE/ISE-PIC as an identity source, you can control traffic using Security Group Tags (SGTs) that were not assigned by ISE. SGTs specify the privileges of traffic sources within a trusted network.
Custom SGT rule conditions use manually created SGT objects to filter traffic, rather than ISE SGTs obtained from the system's connection to an ISE server. These manually created SGT objects correspond to the SGT attributes on the traffic you want to control. Controlling traffic using custom SGTs is not considered user control.
Rules with Custom SGT Conditions
Only access control rules support custom SGT conditions.
Rules with Custom SGT Conditions
The following rules support custom SGT conditions:
-
Access control
-
QoS