3-17
Cisco TrustSec Configuration Guide
OL-22192-02
Chapter 3 Configuring Identities, Connections, and SGTs
Manually Configuring IP-Address-to-SGT Mapping
Default Settings
There are no default settings.
Configuring VLAN to SGT Mapping
This section includes the following topics:
• Task Flow for Configuring VLAN-SGT Mapping, page 3-17
Task Flow for Configuring VLAN-SGT Mapping
• Create a VLAN on the TrustSec switch with the same VLAN_ID of the incoming VLAN.
• Create an SVI for the VLAN on the TrustSec switch to be the default gateway for the endpoint
clients.
• Configure the TrustSec switch to apply an SGT to the VLAN traffic.
• Enable IP Device tracking on the TrustSec switch.
• Verify that VLAN to SGT mapping occurs on the TrustSec switch.
Detailed Steps for Catalyst 6500
Command Purpose
Step 1
config t
Example:
TS_switchswitch# config t
TS_switchswitch(config)#
Enters global configuration mode.
Step 2
vlan vlan_id
Example:
TS_switch(config)# vlan 100
TS_switch(config-vlan)#
Creates VLAN 100 on the TrustSec-capable
gateway switch and enters VLAN configuration
submode.
Step 3
[no] shutdown
Example:
TS_switch(config-vlan)# no shutdown
Provisions VLAN 100.
Step 4
exit
Example:
TS_switch(config-vlan)# exit
TS_switch(config)#
Exits VLAN configuration mode into Global
Configuration mode.
Step 5
interface type slot/port
Example:
TS_switch(config)# interface vlan 100
TS_switch(config-if)#
Enters interface configuration mode.
Step 6
ip address slot/port
Example:
TS_switch(config-if)# ip address 10.1.1.2 255.0.0.0
Configures Switched Virtual Interface (SVI) for
VLAN 100.
To Next Page
Loading...
Need help?
General