152
Cisco 3900 Series, Cisco 2900 Series, and Cisco 1900 Series Integrated Services Routers Generation 2 Software Configuration Guide
Chapter Configuring Security Features
SGT over Ethernet Tagging
DETAILED STEPS
Command or Action Purpose
Step 1
enable
Example:
Router(config)# enable
Enables the privileged EXEC mode. Enter your
password if prompted.
Step 2
configure terminal
Example:
Router(config)# configure terminal
Enters the global configuration mode.
Step 3
interface gigabitethernet slot/port
Example:
Router(config)# interface gigabitethernet
0/0
Enters the interface configuration mode.
Step 4
cts manual
Example:
Router(config-if)# cts manual
Enables the interface for CTS SGT authorization
and forwarding, and enters the CTS manual
interface configuration mode.
Step 5
propagate sgt
Example:
Router(config-if-cts-manual)# propagate sgt
Enables L2-SGT imposition for egress traffic on
the interface.
Note If you configure cts manual command,
CTS SGT propagation is enabled by
default. To disable CTS SGT propagation,
use no propagate sgt command.
Step 6
policy static sgt tag [trusted]
Example:
Router(config-if-cts-manual)# policy static
sgt 77 trusted
Configures a static SGT ingress policy on the
interface and defines the trustworthiness of an
SGT received on the interface.
Note The trusted keyword indicates that the
interface is trustworthy for CTS. The SGT
value received via the ethernet packet on
this interface is trusted and will be used by
the device for any SGT-aware policy
enforcement or for egress tagging. If the
trusted keyword is not configured, all the
ingress traffic is assigned with the static
SGT value specified in the configuration.
Step 7
end
Example:
Router(config-if-cts-manual)# end
Exits the configuration session.
To Next Page
Loading...
