Cisco TrustSec Configuration Guide
OL-22192-01
Chapter 4 Configuring SGT Exchange Protocol over TCP (SXP) and Layer 3 Transport
To enable logging of binding changes, perform the following task:

Detailed Steps for Catalyst 6500

        Command                                        Purpose
Step 1  Router# configure terminal                     Enters configuration mode.
Step 2  Router(config)# cts sxp log binding-changes    Turns on logging for IP to SGT binding changes.

Verifying the SXP Connections

To view the SXP connections, perform this task:

        Command                                        Purpose
Step 1  Router# show cts sxp connections [brief]       Displays SXP status and connections.

This example shows how to view the SXP connections:

Router# show cts sxp connections
SXP : Enabled
Default Password : Set
Default Source IP: 10.10.1.1
Connection retry open period: 10 secs
Reconcile period: 120 secs
Retry open timer is not running
----------------------------------------------
Peer IP : 10.20.2.2
Source IP : 10.10.1.1
Conn status : On
Conn Version : 2
Connection mode : SXP Listener
Connection inst# : 1
TCP conn fd : 1
TCP conn password: default SXP password
Duration since last state change: 0:00:21:25 (dd:hr:mm:sec)
Total num of SXP Connections = 1

Configuring Layer 3 SGT Transport Between Cisco TrustSec Domains

You can configure Layer 3 SGT Transport on Cisco TrustSec gateway devices on the edges of a network domain that has no Cisco TrustSec-capable devices.

Feature Name        Releases       Feature Information
L3 SGT Transport    12.2(50) SY    This feature was introduced on the Catalyst 6500 series switches.
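
The show cts sxp connections output under Verifying the SXP Connections can be checked by script rather than by eye. The following Python is an added example, not part of the Cisco guide: it parses that output and reports peers that are not On or that have no TCP connection password. The second peer in the sample, the values "Off" and "none", and the helper names parse and findings are assumptions made for illustration.

```python
import re
# Constructed sample. The first peer block follows the page's output; the
# second peer and its "Off" / "none" values are assumptions for illustration.
SAMPLE = """\
SXP : Enabled
Default Password : Set
Default Source IP: 10.10.1.1
----------------------------------------------
Peer IP : 10.20.2.2
Source IP : 10.10.1.1
Conn status : On
Connection mode : SXP Listener
TCP conn password: default SXP password
Duration since last state change: 0:00:21:25 (dd:hr:mm:sec)
----------------------------------------------
Peer IP : 10.30.3.3
Conn status : Off
TCP conn password: none
Total num of SXP Connections = 2
"""

def parse(text):
    """Return (global fields, list of per-peer field dicts)."""
    glob, peers, cur = {}, [], None
    for line in text.splitlines():
        m = re.match(r"\s*([^:=]+?)\s*[:=]\s*(.*)$", line)
        if not m:
            continue  # separator or line without a key/value pair
        key, val = m.group(1), m.group(2).strip()
        if key == "Peer IP":  # a new peer block starts here
            cur = {}
            peers.append(cur)
        elif key.startswith("Total num"):  # trailer belongs to the global part
            cur = None
        (glob if cur is None else cur)[key] = val
    return glob, peers

def findings(text):
    """List deviations from: SXP enabled, every peer On and password-protected."""
    glob, peers = parse(text)
    out = [] if glob.get("SXP") == "Enabled" else ["SXP is not enabled"]
    if int(glob.get("Total num of SXP Connections", -1)) != len(peers):
        out.append("parsed peer count differs from reported total")
    for p in peers:
        if p.get("Conn status") != "On":
            out.append(f"{p['Peer IP']}: Conn status {p.get('Conn status')}")
        if p.get("TCP conn password", "none") == "none":
            out.append(f"{p['Peer IP']}: no TCP connection password")
    return out
```

Calling findings() on captured output returns an empty list when every peer is up and password-protected, so it can gate a periodic configuration audit.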