7-66
Cisco TrustSec Configuration Guide
OL-22192-01
Chapter 7 Cisco TrustSec Command Summary
propagate (cts dot1x submode)
propagate (cts dot1x submode)
To enable and disable the SGT propagation on a Cisco TrustSec interface, use the propagate sgt
command in CTS dot1x interface configuration submode.
[no] propagate sgt
Syntax Description
Defaults .SGT propagation is enabled by default in CTS dot1x and CTS manual interface configuration submodes.
Command Modes CTS Dot1x interface configuration submode (config-if-cts-dot1x)
Supported User Roles Administrator
Command History
Usage Guidelines SGT propagation (SGT tag encapsulation) is enabled by default in both CTS dot1x and CTS manual
interface configuration submodes. A TrustSec-capable port can support Layer-2 MACsec and SGT
encapsulation, and negotiates the most secure mode with the peer for the transmittal of the SGT tag and
data. MACsec is an 802.1AE standard-based link-to-link protocol used by switches and servers. A peer
can support MACsec, but not SGT encapsulation. In such a case, it is recommended that this Layer 2
SGT propagation be disabled with the no propagate sgt CTS Dot1x interface configuration command.
To re-enable the SGT propagation enter the propagate sgt command. Use the show cts interface
command to verify the state of SGT propagation. Only the disabled state is saved in the nonvolatile
generation (NVGEN) process.
Examples The following example disables SGT propagation on a TrustSec-capable interface:
router(config) interface gigabit 6/1
router(config-if) cts dot1x
router(config-if-cts-dot1x)# no propagate sgt
router# show cts interface gigabit 6/1
Global Dot1x feature is Enabled
Interface GigabitEthernet6/1:
CTS is enabled, mode: DOT1X
IFC state: INIT
<snip> . . .
sgt Specifies CTS SGT propagation.
Release Modification
12.2(50) SY This command was introduced on the Catalyst 6500 Series Switches.
To Next Page
Loading...
