Layer 3 Logical Interface to SGT Mapping
The TrustSec Security Group Name Download feature is used to directly map SGTs to traffic of any of the following Layer 3 interfaces regardless of the underlying physical interface:
-
Routed port
-
SVI (VLAN interface)
-
Layer3 subinterface of a Layer2 port
-
Tunnel interface
The cts role-based sgt-map interface global configuration command to specify either a specific SGT number, or a Security Group Name (whose SGT association is dynamically acquired from a Cisco ISE or a Cisco ACS access server).