Contents
Cisco TrustSec Configuration Guide
OL-22192-01
Layer 3 Logical Interface to SGT Mapping (L3IF–SGT Mapping)
Feature History for L3IF-SGT Mapping
Default Settings
Configuring L3IF to SGT Mapping
Verifying L3IF to SGT Mapping
Configuration Example for L3IF to SGT Mapping on an Ingress Port
Binding Source Priorities
Configuring Additional Authentication Server-Related Parameters
Automatically Configuring a New or Replacement Password with the Authentication Server
Configuring SGT Exchange Protocol over TCP (SXP) and Layer 3 Transport
Cisco TrustSec SGT Exchange Protocol Feature Histories
Configuring Cisco TrustSec SXP
Enabling Cisco TrustSec SXP
Configuring an SXP Peer Connection
Configuring the Default SXP Password
Configuring the Default SXP Source IP Address
Changing the SXP Reconciliation Period
Changing the SXP Retry Period
Creating Syslogs to Capture Changes of IP Address to SGT Mapping Learned Through SXP
Verifying the SXP Connections
Configuring Layer 3 SGT Transport Between Cisco TrustSec Domains
Configuring Cisco TrustSec Reflector for Cisco TrustSec-Incapable Switching Modules
Configuring Cisco TrustSec Caching
Enabling Cisco TrustSec Caching
Clearing the Cisco TrustSec Cache
Configuring SGACL Policies
Cisco TrustSec SGACL Feature Histories
SGACL Policy Configuration Process
Enabling SGACL Policy Enforcement Globally
Configuration Examples for Enabling SGACL Policy Enforcement Globally
Enabling SGACL Policy Enforcement Per Interface
Configuration Examples for Enabling SGACL Policy Enforcement Per Interface
Enabling SGACL Policy Enforcement on VLANs
Configuration Examples for Enabling SGACL Policy Enforcement on VLANs