Restrictions for SGT Mapping
Restrictions for Subnet-to-SGT Mapping
An IPv4 subnetwork with a /31 prefix cannot be expanded.
Subnet host addresses cannot be bound to Security Group Tags (SGT)s when the network-map bindings bindings parameter is less than the total number of subnet hosts in the specified subnets, or when bindings is 0.
IPv6 expansions and propagation only occurs when Security Exchange Protocol (SXP) speaker and listener are running SXPv3, or more recent versions.
Restriction for Default Route SGT Mapping
Default route configuration is accepted only with the subnet /0. Entering only the host-ip without the subnet /0 displays the following message:
Device(config)#cts role-based sgt-map 0.0.0.0 sgt 1000 Default route configuration is not supported for host ip