Feature Description
UPF supports the Security Group Tag (SGT) to specify the privileges of a traffic source within a trusted network. Security Group Access (a feature of both Cisco TrustSec and Cisco ISE) automatically generates the SGT when a user adds a security group in TrustSec or ISE.
Note | Security Group Tag (SGT) is also referred to as Scalable Group Tag. |
The Identity Services Engine (ISE) sends SGT values over the RADIUS interface that are propagated over the N6 interface. The SGT value must be checkpointed for both session recovery and ICSR/GR scenarios for availability to the peer session manager.
For more information, refer to the chapter. Security Group Tag Support