153
Cisco 3900 Series, Cisco 2900 Series, and Cisco 1900 Series Integrated Services Routers Generation 2 Software Configuration Guide
Chapter Configuring Security Features
SGT over Ethernet Tagging
Example: Configuring SGT over Ethernet Tagging
This example shows how to configure SGT over Ethernet tagging with CTS SGT propagation enabled:
Router# configure terminal
Router(config)# interface gigabitethernet 0/0
Router(config-if)# cts manual
Router(config-if-cts-manual)# propagate sgt
Router(config-if-cts-manual)# policy static sgt 77 trusted
Router(config-if-cts-manual)# end
Router# show running interface gigabitethernet 0/0
interface gigabitethernet 0/0
ip address 50.0.0.1 255.255.255.0
cts manual
policy static sgt 77 trusted.
end
This example shows how to configure SGT over Ethernet tagging with CTS SGT propagation disabled:
Router# configure terminal
Router(config)# interface gigabitethernet 0/0
Router(config-if)# cts manual
Router(config-if-cts-manual)# no propagate sgt
Router(config-if-cts-manual)# policy static sgt 77 trusted
Router(config-if-cts-manual)# end
Router# show running interface gigabitethernet 0/0
interface gigabitethernet 0/0
ip address 50.0.0.1 255.255.255.0
cts manual
no propagate sgt
policy static sgt 77 trusted.
end
Verifying SGT over Ethernet Tagging
Use the show cts interface brief command to display the CTS interface- specific configuration:
Router# show cts interface brief
Interface gigabitethernet 0/0
CTS is enabled, mode: MANUAL
Propagate SGT: Enabled
Static Ingress SGT Policy:
Peer SGT: 77
Peer SGT assignment: Trusted
Use the show cts platform interface interface-name stats detail command to display platform-specific
CTS-related statistics:
Router# show cts platform interface gigabitethernet 0/0 stats detail
Interface gigabitethernet 0/0
L2-SGT Statistics
Pkts In : 31627
Pkts (policy SGT assigned) : 24
Pkts Out : 6866
Pkts Drop (malformed packet): 0
Pkts Drop (invalid SGT) : 0
To Next Page
Loading...
