Thursday, 12 March 2026

Cisco TrustSec Hardware Compatibility and SGT Support Matrix

While specific hardware support varies by model and software version, the sources explicitly highlight the following Cisco switches for their TrustSec capabilities:

  • Catalyst 9000 Series: The Catalyst 9300 and 9500 are identified as switches capable of native SGT tagging and SGT propagation. The Catalyst 9300 also supports downlink MACsec.

  • Nexus Series: Supported Nexus 7000 models allow for manual SGT configuration at the interface level, though some Nexus models may have limited TrustSec feature support.

  • General Support: All Cisco Secure Access–supported switches generally support the assignment of SGTs (classification).

Because support depends heavily on the specific platform and IOS version (for example, NDAC links are no longer supported in some newer IOS XE releases), consult the Cisco TrustSec Platform Capability Matrix for detailed hardware compatibility.

Comparative Architectures of Centralized and Local Web Authentication

  The choice between Local Web Authentication (LWA) and Centralized Web Authentication (CWA) depends on your need for dynamic policy enforce...