Cisco TrustSec

208 pages

To Next Page

To Next Page

To Previous Page

To Previous Page

Loading...

3-19

Cisco TrustSec Configuration Guide

OL-22192-02

Chapter 3 Configuring Identities, Connections, and SGTs

Manually Configuring IP-Address-to-SGT Mapping

Verifying VLAN to SGT Mapping

To display VLAN to SGT configuration information, use the following show commands:

For detailed information about the fields in the output from these commands, refer to Chapter 7, “Cisco

TrustSec Command Summary,” or the “Cisco IOS 15.0SY Security and VPN Command Reference.”

Configuration Example for VLAN to SGT Mapping for a Single Host Over an Access Link

In the following example, a single host connects to VLAN 100 on an access switch. The access switch

has an access mode link to a Catalyst 6500 series TrustSec software-capable switch. A switched virtual

interface on the TrustSec switch is the default gateway for the VLAN 100 endpoint (IP Address

10.1.1.1). The TrustSec switch imposes Security Group Tag (SGT) 10 on packets from VLAN 100.

Step 1 Create VLAN 100 on an access switch.

access_switch# config t

access_switch(config)# vlan 100

access_switch(config-vlan)# no shutdown

access_switch(config-vlan)# exit

access_switch(config)#

Step 2 Configure the interface to the TrustSec switch as an access link. Configurations for the endpoint access

port are omitted in this example.

access_switch(config)# interface gigabitEthernet 6/3

access_switch(config-if)# switchport

access_switch(config-if)# switchport mode access

access_switch(config-if)# switchport access vlan 100

Step 3 Create VLAN 100 on the TrustSec switch.

TS_switch(config)# vlan 100

TS_switch(config-vlan)# no shutdown

TS_switch(config-vlan)# end

TS_switch#

Step 13

show ip device tracking {all|interface|ip|mac}

Example:

TS_switch# show ip device tracking all

(Optional) Verifies the operational status of IP

Device tracking.

Step 14

copy running-config startup-config

Example:

TS_switch# copy running-config

startup-config

(Optional) Copies the running configuration to the

startup configuration.

Command Purpose

Command Purpose

show ip device tracking Displays the status of IP Device Tracking which

identifies the IP addresses of active hosts on a

VLAN.

show cts role-based sgt-map Displays IP address to SGT bindings.

Table of Contents

Related product manuals

Cisco WS-C2948G-GE-TX

Preview: Cisco WS-X6148-GE-TX - Switch

Cisco WS-X6148-GE-TX - Switch

Preview: Cisco 500 Series

Cisco 500 Series

Preview: Cisco WS-C2950-12

Cisco WS-C2950-12

Preview: Cisco Catalyst 3560

Cisco Catalyst 3560

Preview: Cisco MDS 9000 Series

Cisco MDS 9000 Series

Preview: Cisco Nexus 3000 series

Cisco Nexus 3000 series

Preview: Cisco Nexus 7000 Series

Cisco Nexus 7000 Series

Preview: Cisco Catalyst 2960 Series

Cisco Catalyst 2960 Series

Preview: Cisco Catalyst 4500 Series

Cisco Catalyst 4500 Series

Preview: Cisco Catalyst 4900 Series

Cisco Catalyst 4900 Series

Preview: Cisco Catalyst 8500 Series

Cisco Catalyst 8500 Series