Default Settings; Configuring Vlan To Sgt Mapping - Cisco TrustSec Configuration Manual

Chapter 3 Configuring Identities, Connections, and SGTs

Default Settings

There are no default settings.

Configuring VLAN to SGT Mapping

This section includes the following topics:
•
Task Flow for Configuring VLAN-SGT Mapping
•
•
•
•
•
Detailed Steps for Catalyst 6500
Command
Step 1
config t
Example:
TS_switchswitch# config t
TS_switchswitch(config)#
Step 2
vlan vlan_id
Example:
TS_switch(config)# vlan 100
TS_switch(config-vlan)#
Step 3
[no] shutdown
Example:
TS_switch(config-vlan)# no shutdown
Step 4
exit
Example:
TS_switch(config-vlan)# exit
TS_switch(config)#
Step 5
interface type slot/port
Example:
TS_switch(config)# interface vlan 100
TS_switch(config-if)#
Step 6
ip address slot/port
Example:
TS_switch(config-if)# ip address 10.1.1.2 255.0.0.0
OL-22192-02
Task Flow for Configuring VLAN-SGT Mapping, page 3-17
Create a VLAN on the TrustSec switch with the same VLAN_ID of the incoming VLAN.
Create an SVI for the VLAN on the TrustSec switch to be the default gateway for the endpoint
clients.
Configure the TrustSec switch to apply an SGT to the VLAN traffic.
Enable IP Device tracking on the TrustSec switch.
Verify that VLAN to SGT mapping occurs on the TrustSec switch.
Manually Configuring IP-Address-to-SGT Mapping
Purpose
Enters global configuration mode.
Creates VLAN 100 on the TrustSec-capable
gateway switch and enters VLAN configuration
submode.
Provisions VLAN 100.
Exits VLAN configuration mode into Global
Configuration mode.
Enters interface configuration mode.
Configures Switched Virtual Interface (SVI) for
VLAN 100.
Cisco TrustSec Configuration Guide
3-17