Configuring Cisco TrustSec SXP
To configure Cisco TrustSec SXP, follow these steps:

Step 1   Enable the Cisco TrustSec feature (see the "Configuring Identities, Connections, and SGTs" chapter).
Step 2   Enable Cisco TrustSec SXP (see the "Enabling Cisco TrustSec SXP" section on page 4-2).
Step 3   Configure SXP peer connections (see the "Configuring an SXP Peer Connection" section on page 4-2).

Enabling Cisco TrustSec SXP

You must enable Cisco TrustSec SXP before you can configure peer connections. To enable Cisco TrustSec SXP, perform this task:

Detailed Steps for Catalyst 6500

         Command                                Purpose
Step 1   Router# configure terminal             Enters global configuration mode.
Step 2   Router(config)# [no] cts sxp enable    Enables SXP for Cisco TrustSec.
Step 3   Router(config)# exit                   Exits configuration mode.

Configuring an SXP Peer Connection

You must configure the SXP peer connection on both of the devices. One device is the speaker and the other is the listener. When using password protection, make sure to use the same password on both ends.

Note     If a default SXP source IP address is not configured and you do not configure an SXP source address in the connection, the Cisco TrustSec software derives the SXP source IP address from existing local IP addresses. The SXP source address might be different for each TCP connection initiated from the switch.

Cisco TrustSec Configuration Guide
Chapter 4   Configuring SGT Exchange Protocol over TCP (SXP) and Layer 3 Transport
OL-22192-01
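
The rules in "Configuring an SXP Peer Connection" (both ends configured, one speaker and one listener, the same password, a pinned source address) can be checked offline against two saved configurations. The following Python is an added example, not part of the Cisco guide; the `cts sxp connection peer`, `cts sxp default password` and `cts sxp default source-ip` lines it parses are IOS commands this page does not show, and the addresses, password and function names are constructed for illustration. It assumes one SXP connection per device and passwords stored in the same form on both devices.

```python
import re
# Constructed sample configurations (addresses and password are made up).
SPEAKER_CFG = """cts sxp enable
cts sxp default password Example-Pw-1
cts sxp default source-ip 10.10.1.1
cts sxp connection peer 10.20.2.2 password default mode local speaker"""
LISTENER_CFG = """cts sxp enable
cts sxp default password Example-Pw-1
cts sxp connection peer 10.10.1.1 password default mode local listener"""

PEER_RE = re.compile(
    r"^cts sxp connection peer (?P<peer>\S+)(?: source (?P<src>\S+))?"
    r" password (?P<pw>default|none) mode (?P<who>local|peer)"
    r" (?P<role>speaker|listener)", re.M)

def parse(cfg):
    """Pull the SXP settings out of one device's configuration text."""
    def first(pattern):
        m = re.search(pattern, cfg, re.M)
        return m.group(1).strip() if m else None
    return {"enabled": re.search(r"^cts sxp enable\s*$", cfg, re.M) is not None,
            "default_pw": first(r"^cts sxp default password (.+)$"),
            "default_src": first(r"^cts sxp default source-ip (\S+)"),
            "conn": next((m.groupdict() for m in PEER_RE.finditer(cfg)), None)}

def local_role(conn):
    """'mode local X' names this device's role; 'mode peer X' names the peer's."""
    flip = {"speaker": "listener", "listener": "speaker"}
    return conn["role"] if conn["who"] == "local" else flip[conn["role"]]

def audit_pair(cfg_a, cfg_b):
    """Return findings for the SXP connection between device A and device B."""
    a, b = parse(cfg_a), parse(cfg_b)
    out = []
    for name, dev in (("A", a), ("B", b)):
        if not dev["enabled"]:
            out.append(f"{name}: SXP not enabled")
        if dev["conn"] is None:
            out.append(f"{name}: no peer connection")
        elif not (dev["conn"]["src"] or dev["default_src"]):
            out.append(f"{name}: source address not pinned")
    if a["conn"] and b["conn"]:
        if {local_role(a["conn"]), local_role(b["conn"])} != {"speaker", "listener"}:
            out.append("roles: need one speaker and one listener")
        if a["conn"]["pw"] != b["conn"]["pw"]:
            out.append("password: modes differ")
        elif a["conn"]["pw"] == "default" and a["default_pw"] != b["default_pw"]:
            out.append("password: default passwords differ")
    return out
```

For the sample pair, `audit_pair(SPEAKER_CFG, LISTENER_CFG)` reports only that device B has no pinned source address, which is the situation the Note above describes.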