Changing the SXP Reconciliation Period; Changing the SXP Retry Period; Creating Syslogs to Capture Changes of IP Address to SGT Mapping Learned Through SXP - Cisco TrustSec Configuration Manual

Chapter 4
Configuring SGT Exchange Protocol over TCP (SXP) and Layer 3 Transport

Changing the SXP Reconciliation Period

After a peer terminates an SXP connection, an internal hold-down timer starts. If the peer reconnects
before the internal hold-down timer expires, the SXP reconciliation period timer starts. While the SXP
reconciliation period timer is active, the Cisco TrustSec software retains the SGT mapping entries
learned from the previous connection and removes invalid entries. The default value is 120 seconds (2
minutes). Setting the SXP reconciliation period to 0 seconds disables the timer and causes all entries
from the previous connection to be removed.
To change the SXP reconciliation period, perform this task:
Detailed Steps for Catalyst 6500

Step 1
Command: Router# configure terminal
Purpose: Enters configuration mode.

Step 2
Command: Router(config)# cts sxp reconciliation period seconds
Purpose: Changes the SXP reconciliation timer. The default value is 120 seconds (2 minutes). The range is from 0 to 64000.

Step 3
Command: Router(config)# exit
Purpose: Exits configuration mode.

Changing the SXP Retry Period

The SXP retry period determines how often the Cisco TrustSec software retries an SXP connection.
When an SXP connection is not successfully set up, the Cisco TrustSec software makes a new attempt
to set up the connection after the SXP retry period timer expires. The default value is 120 seconds.
Setting the SXP retry period to 0 seconds disables the timer and retries are not attempted.
To change the SXP retry period, perform this task:

Detailed Steps for Catalyst 6500

Step 1
Command: Router# configure terminal
Purpose: Enters configuration mode.

Step 2
Command: Router(config)# cts sxp retry period seconds
Purpose: Changes the SXP retry timer. The default value is 120 seconds (2 minutes). The range is from 0 to 64000.

Step 3
Command: Router(config)# exit
Purpose: Exits configuration mode.

Creating Syslogs to Capture Changes of IP Address to SGT Mapping Learned Through SXP

When the cts sxp log binding-changes global configuration command is executed, SXP syslogs
(severity 5) are generated whenever an IP address to SGT binding changes (add, delete, change).
These changes are learned and propagated on the SXP connection.
The default is no cts sxp log binding-changes.

Cisco TrustSec Configuration Guide, OL-22192-01
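A configuration audit for the three settings covered on this page (reconciliation period, retry period, binding-change logging), added here as an example and not taken from the Cisco guide. The function name audit_sxp and the sample configuration are constructed for illustration; the defaults, the 0 to 64000 range and the meaning of 0 come from the sections above.

```python
import re

# Defaults and range as stated in the sections above.
DEFAULT_PERIOD = 120
PERIOD_RANGE = (0, 64000)

# Constructed sample configuration excerpt (not from a real device).
SAMPLE_CONFIG = """\
hostname dist-sw-1
cts sxp reconciliation period 0
cts sxp retry period 70000
no cts sxp log binding-changes
"""

def audit_sxp(config: str) -> dict:
    """Return effective SXP timer/logging settings plus findings to review."""
    state = {"reconciliation": DEFAULT_PERIOD, "retry": DEFAULT_PERIOD,
             "log_binding_changes": False, "findings": []}
    for raw in config.splitlines():
        line = raw.strip()
        m = re.fullmatch(r"cts sxp (reconciliation|retry) period (\d+)", line)
        if m:
            name, value = m.group(1), int(m.group(2))
            if not PERIOD_RANGE[0] <= value <= PERIOD_RANGE[1]:
                # Assumption of this audit: an out-of-range value is treated
                # as not applied, so the default stays in effect.
                state["findings"].append(f"{name} period {value} is outside 0-64000")
                continue
            state[name] = value
        elif line == "cts sxp log binding-changes":
            state["log_binding_changes"] = True
        elif line == "no cts sxp log binding-changes":
            state["log_binding_changes"] = False
    if state["reconciliation"] == 0:
        state["findings"].append("reconciliation period 0: timer disabled, all "
                                 "entries from the previous connection are removed")
    if state["retry"] == 0:
        state["findings"].append("retry period 0: timer disabled, failed SXP "
                                 "connections are not retried")
    if not state["log_binding_changes"]:
        state["findings"].append("binding-change syslogs are off: IP-to-SGT "
                                 "changes learned through SXP are not logged")
    return state

if __name__ == "__main__":
    for finding in audit_sxp(SAMPLE_CONFIG)["findings"]:
        print("REVIEW:", finding)
```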
