Dhcp Snooping And Sgt Assignment; Verifying The Sgt To Endpoint Host Binding - Cisco TrustSec Configuration Manual

DHCP Snooping and SGT Assignment

After the authentication process, authorization of the device occurs (for example, dynamic VLAN
assignment, ACL programming, etc.). For TrustSec networks, a Security Group Tag (SGT) is assigned
per the user configuration in the Cisco ACS. The SGT is bound to traffic sent from that endpoint through
DHCP snooping and the IP device tracking infrastructure.
The following example enables DHCP snooping and IP device tracking on an access switch:
switch# conf t
Enter configuration commands, one per line. End with CNTL/Z.
switch(config)# ip dhcp snooping
switch(config)# ip dhcp snooping vlan 10
switch(config)# no ip dhcp snooping information option
switch(config)# ip device tracking
For more detailed information on DHCP snooping and IP device tracking configuration, see the
configuration guide for your access switch.
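Because an SGT can only be bound to a host whose IP address was learned through DHCP snooping and IP device tracking, a switch whose snooping VLAN list does not cover every access VLAN will silently leave some hosts without a binding. The following script is an added example (it is not part of the Cisco guide) that audits an IOS-style running-config for the three prerequisites shown above: global DHCP snooping, a snooping VLAN list that includes the access VLAN of every access port, and IP device tracking. The sample configuration is constructed for the example; the interface names and VLAN numbers in it are illustrative.

```python
import re

# Constructed sample running-config excerpt (not from the Cisco guide). VLAN 20 is
# used by an access port but is deliberately missing from the snooping VLAN list.
SAMPLE_RUNNING_CONFIG = """\
!
ip dhcp snooping
ip dhcp snooping vlan 10,30-32
no ip dhcp snooping information option
ip device tracking
!
interface GigabitEthernet2/1
 switchport access vlan 10
 switchport mode access
!
interface GigabitEthernet2/2
 switchport access vlan 20
 switchport mode access
!
interface GigabitEthernet2/3
 switchport access vlan 31
 switchport mode access
!
"""


def parse_vlan_list(spec):
    """Expand an IOS VLAN list such as '10,30-32' into a set of ints."""
    vlans = set()
    for part in spec.split(","):
        part = part.strip()
        if not part:
            continue
        if "-" in part:
            lo, hi = part.split("-", 1)
            vlans.update(range(int(lo), int(hi) + 1))
        else:
            vlans.add(int(part))
    return vlans


def parse_running_config(text):
    """Extract DHCP snooping / device tracking state and the access VLAN of each port."""
    state = {
        "snooping_global": False,
        "snooping_vlans": set(),
        "device_tracking": False,
        "access_ports": {},  # interface name -> access VLAN
    }
    current_if = None
    for line in text.splitlines():
        stripped = line.strip()
        if re.fullmatch(r"ip dhcp snooping", stripped):
            state["snooping_global"] = True
        elif m := re.fullmatch(r"ip dhcp snooping vlan (\S+)", stripped):
            state["snooping_vlans"] |= parse_vlan_list(m.group(1))
        elif re.fullmatch(r"ip device tracking", stripped):
            state["device_tracking"] = True
        elif m := re.fullmatch(r"interface (\S+)", stripped):
            current_if = m.group(1)
        elif current_if and (m := re.fullmatch(r"switchport access vlan (\d+)", stripped)):
            state["access_ports"][current_if] = int(m.group(1))
        elif stripped == "!":
            # '!' ends an interface stanza in IOS-style configs
            current_if = None
    return state


def audit(text):
    """Return a list of findings; an empty list means all prerequisites are met."""
    st = parse_running_config(text)
    findings = []
    if not st["snooping_global"]:
        findings.append("DHCP snooping is not enabled globally")
    if not st["device_tracking"]:
        findings.append("IP device tracking is not enabled")
    for ifname, vlan in sorted(st["access_ports"].items()):
        if vlan not in st["snooping_vlans"]:
            findings.append(f"{ifname}: access VLAN {vlan} is not in the DHCP snooping VLAN list")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_RUNNING_CONFIG) or ["OK: snooping and device tracking cover all access VLANs"]:
        print(finding)
```

Run against the sample, the audit reports only GigabitEthernet2/2, whose hosts in VLAN 20 would never receive an IP-SGT binding; feed it the output of show running-config from a real switch to check the same conditions there.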

Verifying the SGT to Endpoint Host Binding

To verify that hosts are visible to DHCP Snooping and IP Device Tracking, use the
show ip dhcp snooping binding and show ip device tracking commands.
switch# show ip dhcp snooping binding
MacAddress          IpAddress        Lease(sec)  Type           VLAN  Interface
------------------  ---------------  ----------  -------------  ----  --------------------
00:0C:29:3A:04:8E   10.252.10.10     84814       dhcp-snooping  10    GigabitEthernet2/1
Total number of bindings: 1

switch# show ip device tracking all
IP Device Tracking = Enabled
IP Device Tracking Probe Count = 3
IP Device Tracking Probe Interval = 30
--------------------------------------------------------------
  IP Address     MAC Address     Interface            STATE
--------------------------------------------------------------
  10.252.10.10   000c.293a.048e  GigabitEthernet2/1   ACTIVE

To verify that the correct SGT is bound to an endpoint IP address, use the show cts role-based sgt-map
command.

switch# show cts role-based sgt-map all
Active IP-SGT Bindings Information

IP Address      SGT  Source
============================================
1.1.1.1         7    INTERNAL
10.252.10.1     7    INTERNAL
10.252.10.10    3    LOCAL
10.252.100.1    7    INTERNAL
172.26.208.31   7    INTERNAL

IP-SGT Active Bindings Summary
============================================
Total number of LOCAL    bindings = 1
Total number of INTERNAL bindings = 4
Total number of active   bindings = 5
