EasyManuals Logo

Cisco TrustSec User Manual

Cisco TrustSec
208 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #185 background imageLoading...
Page #185 background image
7-99
Cisco TrustSec Configuration Guide
OL-22192-01
Chapter 7 Cisco TrustSec Command Summary
show cts sxp
Peer IP : 2.2.2.1
Source IP : 2.2.2.2
Set up : Peer
Conn status : Delete_Hold_Down
Connection mode : SXP Listener
Connection inst# : 1
TCP conn fd : -1
TCP conn password: not set (using default SXP password)
Delete hold down timer is running
Duration since last state change: 0:00:00:16 (dd:hr:mm:sec)
----------------------------------------------
Peer IP : 3.3.3.1
Source IP : 3.3.3.2
Set up : Peer
Conn status : On
Connection inst# : 1
TCP conn fd : 2
TCP conn password: not set (using default SXP password)
Duration since last state change: 0:00:05:49 (dd:hr:mm:sec)
Total num of SXP Connections = 2
The following example displays the current SourceIP-to-SGT mapping database learned through SXP:
router# show cts sxp sgt-map
IP-SGT Mappings as follows:
IPv4,SGT: <2.2.2.1 , 7>
source : SXP;
Peer IP : 2.2.2.1;
Ins Num : 1;
IPv4,SGT: <2.2.2.1 , 7>
source : SXP;
Peer IP : 3.3.3.1;
Ins Num : 1;
Status : Active;
IPv4,SGT: <3.3.3.1 , 7>
source : SXP;
Peer IP : 2.2.2.1;
Ins Num : 1;
The following example displays the current SourceIP-to-SGT mapping database using the brief
keyword:
Router# show cts sxp sgt-map brief
IP-SGT Mappings as follows:
IPv4,SGT: <2.2.2.1 , 7>
IPv4,SGT: <3.3.3.1 , 7>
IPv4,SGT: <4.4.4.1 , 7>
IPv4,SGT: <43.13.21.41 , 7>
Related Commands Command Description
cts sxp Configures SXP on a network device.

Table of Contents

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the Cisco TrustSec and is the answer not in the manual?

Cisco TrustSec Specifications

General IconGeneral
CategoryNetwork Security
FunctionalityProvides role-based access control, network segmentation, and policy enforcement.
Key ComponentsSecurity Group Tags (SGT), Security Exchange Protocol (SXP).
Authentication Methods802.1X, MAC Authentication Bypass (MAB), Web Authentication
Security Group Tagging (SGT)Assigns security group tags to users and devices for identity-based segmentation.
Security Exchange Protocol (SXP)A protocol used to propagate SGT information across network devices.
Policy EnforcementEnforces security policies based on SGTs and SGACLs.
BenefitsEnhanced security, simplified policy management, and improved compliance.
EncryptionSupports encryption for data in transit through IPsec and MACsec.
ScalabilityScalable to large enterprise networks with thousands of devices.
CompatibilityCompatible with a wide range of Cisco network devices.
DescriptionCisco TrustSec is a security architecture framework designed to build secure networks. It uses identity-based access control to segment the network and enforce policies based on user roles and device types, rather than relying solely on IP addresses.

Related product manuals