B-2
Cisco TrustSec Configuration Guide
OL-22192-01
Appendix B Notes for Catalyst 4500 Series Switches
TrustSec SGT and SGACL Configuration Guidelines and Limitations
IP-SGT mappings are not VRF-aware.
The TTL configuration is not supported for SGACL.
The TCP flags supported by SGACL is similar to what the other ACLs support.
The maximum number of ACEs supported in the Default/(*,*) SGACL policy is 512.
The IP-SGT mapping (based on the Source IP address in the packet) takes precedence over the SGT tag
present in the CMD header of incoming traffic even if the ingress port is in trusted state. This deviates
from the default behavior, which dictates that if the port is trusted the packet SGT is used for enforcing
the SGACL policy.
To Next Page
Loading...
Need help?
General