Feature Description

The Security Group Tag (SGT) specifies the privileges of a traffic source within a trusted network. Security Group Access (a feature of both Cisco TrustSec and Cisco ISE) automatically generates the SGT when a user adds a security group in TrustSec or ISE.

Note

Security Group Tag (SGT) is also referred to as Scalable Group Tag.

The Identity Services Engine (ISE) sends SGT values over the RADIUS interface, that are propagated over the N6 interface. The SGT value needs to be checkpointed for both session recovery and ICSR/GR scenarios for availability to the peer session manager.