propagate-sgt
To enable SGT propagation on Layer 2 (L2) Cisco TrustSec interfaces, use the propagate-sgt command. To
disable SGT propagation, use the no form of this command.
propagate-sgt [l2-control]
no propagate-sgt [l2-control]
Syntax Description
Specifies SGT propagation of the L2 control packets.l2-control
Command Default
Enabled
Command Modes
Global configuration
Command History
ModificationRelease
Added the l2-control keyword.8.1(1)
Support was added for F3 Series modules.6.2(10)
This command was introduced.4.0(3)
Usage Guidelines
You can disable the SGT propagation feature on an interface if the peer device connected to the interface can
not handle Cisco TrustSec packets tagged with an SGT.
To use this command, you must enable the Cisco TrustSec feature using the feature cts command.
After using this command, you must enable and disable the interface using the shutdown/no shutdown
command sequence for the configuration to take effect.
Use the no propagate-sgt l2-control command to enable SGT tagging exemption for L2 control packets.
This exemption ensures that the L2 control protocols are transmitted without any SGT tags from the Cisco
TrustSec enabled-ports. The no propagate-sgt l2-control command is supported only on the Cisco M3 Series
module ports without Cisco TrustSec MACSec.
You can also enable or disable SGT tagging of the L2 control packets under a port profile and a port channel.
This command requires the Advanced Services license.
Examples
This example shows how to disable SGT propagation:
switch# configure terminal
switch(config)# interface ethernet 2/1
switch(config-if)# cts dot1x
Cisco Nexus 7000 Series Security Command Reference
594
P Commands
propagate-sgt
To Next Page
Loading...
