Configuring SGT Exchange Protocol over TCP (SXP) and Layer 3 Transport
This example shows how to view the SXP connections:
Router# show cts sxp connections
SXP : Enabled
Default Password : Set
Default Source IP: 10.10.1.1
Connection retry open period: 10 secs
Reconcile period: 120 secs
Retry open timer is not running
----------------------------------------------
Peer IP : 10.20.2.2
Source IP : 10.10.1.1
Conn status : On
Conn Version : 2
Connection mode : SXP Listener
Connection inst# : 1
TCP conn fd : 1
TCP conn password: default SXP password
Duration since last state change: 0:00:21:25 (dd:hr:mm:sec)
Total num of SXP Connections = 1
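The following is an added example, not part of the Cisco guide: a Python sketch that parses the `show cts sxp connections` output shown above and reports peers that are not in the On state or whose state changed recently. The function names, the second peer in the sample, and the stability threshold are assumptions made for illustration.

```python
import re
# Constructed sample: fields from the output above plus a hypothetical second peer.
SAMPLE = """\
SXP : Enabled
Default Password : Set
Retry open timer is not running
----------------------------------------------
Peer IP : 10.20.2.2
Conn status : On
Connection mode : SXP Listener
TCP conn password: default SXP password
Duration since last state change: 0:00:21:25 (dd:hr:mm:sec)
----------------------------------------------
Peer IP : 10.30.3.3
Conn status : Off
Total num of SXP Connections = 2
"""

def parse_sxp(text):
    """Split the CLI output into (global settings, per-peer dicts, reported total)."""
    settings, peers, total, cur = {}, [], None, None
    for line in text.splitlines():
        m = re.match(r"\s*Total num of SXP Connections\s*=\s*(\d+)", line)
        if m:
            total = int(m.group(1))
            continue
        key, sep, val = line.partition(":")
        if not sep:
            continue  # separator rows and lines without "key : value"
        if key.strip() == "Peer IP":  # each peer block starts with this field
            peers.append(cur := {})
        (settings if cur is None else cur)[key.strip()] = val.strip()
    return settings, peers, total

def secs_since_change(peer):  # converts the dd:hr:mm:sec field to seconds
    d, h, m, s = map(int, peer["Duration since last state change"].split()[0].split(":"))
    return ((d * 24 + h) * 60 + m) * 60 + s

def findings(text, min_stable_secs=300):  # threshold is an assumed value
    _, peers, total = parse_sxp(text)
    out = []
    if total is not None and total != len(peers):
        out.append(f"parsed {len(peers)} peers, device reports {total}")
    for p in peers:
        if p.get("Conn status") != "On":
            out.append(f"{p['Peer IP']}: status {p.get('Conn status')}")
        elif secs_since_change(p) < min_stable_secs:
            out.append(f"{p['Peer IP']}: state changed {secs_since_change(p)}s ago")
    return out
```

Comparing the parsed peer count with the "Total num of SXP Connections" line catches truncated captures before the per-peer checks are trusted.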
Configuring Cisco TrustSec Caching
Enabling Cisco TrustSec Caching
For quick recovery from brief outages, you can enable caching of authentication, authorization, and policy information for
Cisco TrustSec connections. Caching allows Cisco TrustSec devices to use unexpired security information to restore
links after an outage without requiring a full reauthentication of the Cisco TrustSec domain. The Cisco TrustSec devices
will cache security information in DRAM. If non-volatile (NV) storage is also enabled, the DRAM cache information will
also be stored to the NV memory. The contents of NV memory populate DRAM during a reboot.
Note: During extended outages, the Cisco TrustSec cache information is likely to become outdated.
To enable Cisco TrustSec caching, perform this task:
    Command                                         Purpose
 1. Router# show cts sxp connections [brief]        Displays SXP status and connections.
Feature Name        Releases       Feature Information
TrustSec Caching    12.2(50) SY    This feature was introduced on the Catalyst 6500 series switches.