Cisco Systems, Inc. www.cisco.com
Configuring SGT Exchange Protocol over TCP (SXP) and Layer 3 Transport
You can use the SGT Exchange Protocol (SXP) to propagate the SGTs across network devices that do not have hardware
support for Cisco TrustSec. This section describes how to configure Cisco TrustSec SXP on switches in your network.
This section includes the following topics:
Cisco TrustSec SGT Exchange Protocol Feature Histories, page 263
Configuring Cisco TrustSec SXP, page 263
Configuring the Default SXP Password, page 266
Configuring the Default SXP Source IP Address, page 266
Changing the SXP Reconciliation Period, page 266
Changing the SXP Retry Period, page 267
Creating Syslogs to Capture Changes of IP Address to SGT Mapping Learned Through SXP, page 267
Verifying the SXP Connections, page 267
Configuring Cisco TrustSec Caching, page 268
Cisco TrustSec SGT Exchange Protocol Feature Histories
For a list of supported TrustSec features per platform and the minimum required IOS release, see
the Cisco TrustSec Platform Support Matrix at the following URL:
http://www.cisco.com/en/US/solutions/ns170/ns896/ns1051/trustsec_matrix.html
Otherwise, see product release notes for detailed feature introduction information.
Configuring Cisco TrustSec SXP
To configure Cisco TrustSec SXP, follow these steps:
1. Enable the Cisco TrustSec feature (see the “Configuring Identities, Connections, and SGTs” chapter in the Cisco
TrustSec Switch Configuration Guide at:
http://www.cisco.com/c/en/us/td/docs/switches/lan/trustsec/configuration/guide/trustsec/ident-conn_config.html#wpxref29406).
2. Enable Cisco TrustSec SXP (see Enabling Cisco TrustSec SXP, page 264).
3. Configure SXP peer connections (see Configuring an SXP Peer Connection, page 264).