Name: Cisco TrustSec
Brand: Cisco
Rating: 4 (1 reviews)

To Next Page

To Previous Page

4-6

Cisco TrustSec Configuration Guide

OL-22192-01

Chapter 4 Configuring SGT Exchange Protocol over TCP (SXP) and Layer 3 Transport

Verifying the SXP Connections

To enable logging of binding changes, perform the following task:

Detailed Steps for Catalyst 6500

Verifying the SXP Connections

To view the SXP connections, perform this task:

This example shows how to view the SXP connections:

Router# show cts sxp connections

SXP : Enabled

Default Password : Set

Default Source IP: 10.10.1.1

Connection retry open period: 10 secs

Reconcile period: 120 secs

Retry open timer is not running

----------------------------------------------

Peer IP : 10.20.2.2

Source IP : 10.10.1.1

Conn status : On

Conn Version : 2

Connection mode : SXP Listener

Connection inst# : 1

TCP conn fd : 1

TCP conn password: default SXP password

Duration since last state change: 0:00:21:25 (dd:hr:mm:sec)

Total num of SXP Connections = 1

Configuring Layer 3 SGT Transport Between Cisco TrustSec

Domains

You can configure Layer 3 SGT Transport on Cisco TrustSec gateway devices on the edges of a network

domain that has no Cisco TrustSec-capable devices.

Command Purpose

Step 1

Router# configure terminal

Enters configuration mode.

Step 2

Router(config)# cts sxp log binding-changes

Turns on logging for IP to SGT binding changes.

Command Purpose

Step 1

Router# show cts sxp connections [brief]

Displays SXP status and connections.

Feature Name Releases Feature Information

L3 SGT Transport 12.2(50) SY This feature was introduced on the Catalyst 6500 series

switches.

Questions and Answers:

Need help?

Do you have a question about the Cisco TrustSec and is the answer not in the manual?

Cisco TrustSec Specifications

General

Category	Network Security
Functionality	Provides role-based access control, network segmentation, and policy enforcement.
Key Components	Security Group Tags (SGT), Security Exchange Protocol (SXP).
Authentication Methods	802.1X, MAC Authentication Bypass (MAB), Web Authentication
Security Group Tagging (SGT)	Assigns security group tags to users and devices for identity-based segmentation.
Security Exchange Protocol (SXP)	A protocol used to propagate SGT information across network devices.
Policy Enforcement	Enforces security policies based on SGTs and SGACLs.
Benefits	Enhanced security, simplified policy management, and improved compliance.
Encryption	Supports encryption for data in transit through IPsec and MACsec.
Scalability	Scalable to large enterprise networks with thousands of devices.
Compatibility	Compatible with a wide range of Cisco network devices.
Description	Cisco TrustSec is a security architecture framework designed to build secure networks. It uses identity-based access control to segment the network and enforce policies based on user roles and device types, rather than relying solely on IP addresses.