Name: Cisco TrustSec
Brand: Cisco
Rating: 4 (1 reviews)

To Next Page

To Previous Page

4-3

Cisco TrustSec Configuration Guide

OL-22192-01

Chapter 4 Configuring SGT Exchange Protocol over TCP (SXP) and Layer 3 Transport

Configuring Cisco TrustSec SXP

To configure the SXP peer connection, perform this task:

Detailed Steps for Catalyst 6500

This example shows how to enable SXP and configure the SXP peer connection on Switch A, a speaker,

for connection to Switch B, a listener:

Router# configure terminal

Router(config)# cts sxp enable

Router(config)# cts sxp default password Cisco123

Router(config)# cts sxp default source-ip 10.10.1.1

Router(config)# cts sxp connection peer 10.20.2.2 password default mode local speaker

This example shows how to configure the SXP peer connection on Switch B, a listener, for connection

to Switch A, a speaker:

Router# configure terminal

Router(config)# cts sxp enable

Router(config)# cts sxp default password Cisco123

Command Purpose

Step 1

Router# configure terminal

Enters global configuration mode.

Step 2

Router(config)# cts sxp connection

peer peer-ipv4-addr

[source src-ipv4-addr]

password {default | none] mode {local |

peer} {speaker | listener}

[vrf vrf-name]

Configures the SXP address connection.

The optional source keyword specifies the IPv4

address of the source device. If no address is specified,

the connection will use the default source address, if

configured, or the address of the port.

The password keyword specifies the password that

SXP will use for the connection using the following

options:

• default—Use the default SXP password you

configured using the cts sxp default password

command.

• none—Do not use a password.

The mode keyword specifies the role of the remote

peer device:

• local—The specified mode refers to the local

device.

• peer—The specified mode refers to the peer

device.

• speaker—Default. Specifies that the device is the

speaker in the connection.

• listener—Specifies that the device is the listener

in the connection.

The optional vrf keyword specifies the VRF to the

peer. The default is the default VRF.

Step 3

Router(config)# exit

Exits configuration mode.

Step 4

Router# show cts sxp connections

(Optional) Displays the SXP connection information.

Questions and Answers:

Need help?

Do you have a question about the Cisco TrustSec and is the answer not in the manual?

Cisco TrustSec Specifications

General

Category	Network Security
Functionality	Provides role-based access control, network segmentation, and policy enforcement.
Key Components	Security Group Tags (SGT), Security Exchange Protocol (SXP).
Authentication Methods	802.1X, MAC Authentication Bypass (MAB), Web Authentication
Security Group Tagging (SGT)	Assigns security group tags to users and devices for identity-based segmentation.
Security Exchange Protocol (SXP)	A protocol used to propagate SGT information across network devices.
Policy Enforcement	Enforces security policies based on SGTs and SGACLs.
Benefits	Enhanced security, simplified policy management, and improved compliance.
Encryption	Supports encryption for data in transit through IPsec and MACsec.
Scalability	Scalable to large enterprise networks with thousands of devices.
Compatibility	Compatible with a wide range of Cisco network devices.
Description	Cisco TrustSec is a security architecture framework designed to build secure networks. It uses identity-based access control to segment the network and enforce policies based on user roles and device types, rather than relying solely on IP addresses.