Which of the following enables SGT-capable devices to propagate IP-to-SGT mappings across network devices that do not have SGT-capable hardware?

The Security Group Tag (SGT) capabilities are integral to network segmentation and security policy enforcement within Cisco's Identity Services Engine (ISE). Among the available choices, the Security Exchange Protocol is essential because it allows SGT-capable devices to communicate and propagate IP-to-SGT mappings across devices that lack native SGT capability.

This propagation is crucial in environments where not all network equipment supports SGTs, enabling a cohesive approach to security even when hardware specifications vary. Without this protocol, the benefits of SGTs would be limited to only those devices that support them, creating potential gaps in security and complicating policy enforcement.

The other options do not directly address the transmission of IP-to-SGT mappings specifically across non-SGT-capable devices. Understanding how the Security Exchange Protocol functions is vital for effectively leveraging SGTs in broader network configurations and ensuring comprehensive security across an organization’s infrastructure.