Cisco TrustSec Configuration Guide
OL-22192-01
Chapter 4 Configuring SGT Exchange Protocol over TCP (SXP) and Layer 3 Transport
Configuring Cisco TrustSec SXP
To configure Cisco TrustSec SXP, follow these steps:
Step 1 Enable the Cisco TrustSec feature (see the “Configuring Identities, Connections, and SGTs” chapter).
Step 2 Enable Cisco TrustSec SXP (see the “Enabling Cisco TrustSec SXP” section on page 4-2).
Step 3 Configure SXP peer connections (see the “Configuring an SXP Peer Connection” section on page 4-2).
Enabling Cisco TrustSec SXP
You must enable Cisco TrustSec SXP before you can configure peer connections. To enable Cisco
TrustSec SXP, perform this task:
Detailed Steps for Catalyst 6500
        Command                              Purpose
Step 1  Router# configure terminal           Enters global configuration mode.
Step 2  Router(config)# [no] cts sxp enable  Enables SXP for Cisco TrustSec.
Step 3  Router(config)# exit                 Exits configuration mode.
Configuring an SXP Peer Connection
You must configure the SXP peer connection on both of the devices. One device is the speaker and the
other is the listener. When using password protection, make sure to use the same password on both ends.
Note: If a default SXP source IP address is not configured and you do not configure an SXP source address in
the connection, the Cisco TrustSec software derives the SXP source IP address from existing local IP
addresses. The SXP source address might be different for each TCP connection initiated from the switch.
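The peer-connection requirements in this section (SXP enabled, one speaker and one listener, the same password setting on both ends, and a pinned source address as described in the Note) can be checked offline against saved configurations. The following script is an added example, not part of the Cisco guide: the `cts sxp connection peer` and `cts sxp default` line formats are assumed from IOS syntax that this page does not show, the sample configurations and addresses are constructed, and only the password mode is compared because the secrets themselves cannot be compared reliably from configuration text.

```python
import re
# Assumed IOS syntax (not shown on this page): cts sxp connection peer <ip>
# [source <ip>] password {default|none} mode {local|peer} {speaker|listener}
CONN = re.compile(r"^cts sxp connection peer (?P<peer>\S+)(?: source (?P<src>\S+))?"
                  r" password (?P<pw>default|none) mode (?P<who>local|peer)"
                  r" (?P<role>speaker|listener)", re.M)
# Constructed sample configs; addresses are from the 192.0.2.0/24 documentation range.
SPEAKER = ("cts sxp enable\ncts sxp default password 0 EXAMPLE\ncts sxp connection "
           "peer 192.0.2.2 source 192.0.2.1 password default mode local speaker")
LISTENER_BAD = ("cts sxp enable\n"
                "cts sxp connection peer 192.0.2.1 password none mode peer listener")

def parse(cfg):
    """Extract the SXP settings needed for the checks from one device's config."""
    lines = [l.strip() for l in cfg.splitlines()]
    conns = []
    for m in CONN.finditer("\n".join(lines)):
        role = m["role"]
        if m["who"] == "peer":  # role was given for the peer: flip to the local role
            role = "listener" if role == "speaker" else "speaker"
        conns.append({"peer": m["peer"], "src": m["src"], "pw": m["pw"], "role": role})
    return {"enabled": "cts sxp enable" in lines, "conns": conns,
            "default_pw": any(l.startswith("cts sxp default password ") for l in lines),
            "default_src": any(l.startswith("cts sxp default source-ip ") for l in lines)}

def audit_pair(cfg_a, ip_a, cfg_b, ip_b):
    """Return findings for the SXP connection between device A and device B."""
    findings, sides = [], {}
    for name, cfg, peer_ip in (("A", cfg_a, ip_b), ("B", cfg_b, ip_a)):
        dev = parse(cfg)
        if not dev["enabled"]:
            findings.append(f"{name}: SXP not enabled")
        conn = next((c for c in dev["conns"] if c["peer"] == peer_ip), None)
        if conn is None:
            findings.append(f"{name}: no connection to {peer_ip}")
            continue
        if conn["pw"] == "default" and not dev["default_pw"]:
            findings.append(f"{name}: password default used but none configured")
        if not conn["src"] and not dev["default_src"]:
            findings.append(f"{name}: source address not pinned")
        sides[name] = conn
    if len(sides) == 2:
        if sides["A"]["role"] == sides["B"]["role"]:
            findings.append("both ends are " + sides["A"]["role"])
        if sides["A"]["pw"] != sides["B"]["pw"]:
            findings.append("password mode differs between ends")
    return findings

print(audit_pair(SPEAKER, "192.0.2.1", LISTENER_BAD, "192.0.2.2"))
```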