Restrictions for SGT Mapping
Restrictions for Subnet-to-SGT Mapping
-
An IPv4 subnetwork with a /31 prefix cannot be expanded.
-
Subnet host addresses cannot be bound to Security Group Tags (SGT)s when the network-map bindings bindings parameter is less than the total number of subnet hosts in the specified subnets, or when bindings is 0.
-
IPv6 expansions and propagation only occurs when Security Exchange Protocol (SXP) speaker and listener are running SXPv3, or more recent versions.
Restriction for Default Route SGT Mapping
-
Default route configuration is accepted only with the subnet /0. Entering only the host-ip without the subnet /0 displays the following message:
Device(config)#cts role-based sgt-map 0.0.0.0 sgt 1000 Default route configuration is not supported for host ip