EasyManuals Logo
Home>Cisco>Switch>TrustSec

Cisco TrustSec User Manual

Cisco TrustSec
208 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #52 background imageLoading...
Page #52 background image
3-16
Cisco TrustSec Configuration Guide
OL-22192-02
Chapter 3 Configuring Identities, Connections, and SGTs
Manually Configuring IP-Address-to-SGT Mapping
IPv4,SGT: <11.11.11.3 , 11111>
IPv4,SGT: <11.11.11.4 , 11111>
IPv4,SGT: <11.11.11.5 , 11111>
IPv4,SGT: <11.11.11.6 , 11111>
IPv4,SGT: <192.168.1.1 , 65000>
IPv4,SGT: <192.168.1.2 , 65000>
IPv4,SGT: <192.168.1.3 , 65000>
IPv4,SGT: <192.168.1.4 , 65000>
IPv4,SGT: <192.168.1.5 , 65000>
IPv4,SGT: <192.168.1.6 , 65000>
IPv4,SGT: <192.168.1.7 , 65000>
IPv4,SGT: <192.168.1.8 , 65000>
IPv4,SGT: <192.168.1.9 , 65000>
IPv4,SGT: <192.168.1.10 , 65000>
IPv4,SGT: <192.168.1.11 , 65000>
IPv4,SGT: <192.168.1.12 , 65000>
IPv4,SGT: <192.168.1.13 , 65000>
IPv4,SGT: <192.168.1.14 , 65000>
Step 6 Verify the expansion count on Switch1:
Switch1# show cts sxp sgt-map
IP-SGT Mappings expanded:22
There are no IP-SGT Mappings
Step 7 Save the configurations on Switch 1 and Switch 2 and exit global configuration mode.
Switch1(config)# copy running-config startup-config
Switch1(config)# exit
Switch2(config)# copy running-config startup-config
Switch2(config)# exit
VLAN to SGT Mapping
The VLAN to SGT mapping feature binds an SGT to packets from a specified VLAN. This simplifies
the migration from legacy to TrustSec-capable networks as follows:
Supports devices that are not TrustSec-capable but are VLAN-capable, such as, legacy switches,
wireless controllers, access points, VPNs, etc.
Provides backward compatibility for topologies where VLANs and VLAN ACLs segment the
network, such as, server segmentation in data centers.
The VLAN to SGT binding is configured with the cts role-based sgt-map vlan-list global configuration
command.
When a VLAN is assigned a gateway that is a switched virtual interface (SVI) on a TrustSec-capable
switch, and IP Device Tracking is enabled on that switch, then TrustSec can create an IP to SGT binding
for any active host on that VLAN mapped to the SVI subnet.
IP-SGT bindings for the active VLAN hosts are exported to SXP listeners. The bindings for each mapped
VLAN are inserted into the IP-to-SGT table associated with the VRF the VLAN is mapped to by either
its SVI or by a cts role-based l2-vrf cts global configuration command.
VLAN to SGT bindings have the lowest priority of all binding methods and are ignored when bindings
from other sources are received, such as from SXP or CLI host configurations. Binding priorities are
listing in the “Binding Source Priorities” section on page 3-22.

Table of Contents

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the Cisco TrustSec and is the answer not in the manual?

Cisco TrustSec Specifications

General IconGeneral
BrandCisco
ModelTrustSec
CategorySwitch
LanguageEnglish

Related product manuals