Trustsec: Configuring SXP

In this video, we’re going to walk through the configuration of SGT Exchange Protocol (SXP). We’ll first configure it between two switches that are separated by a non-Trustsec-capable device and then we’ll configure it between the switches and ISE.


SWITCH CONFIGURATION

cts sxp enable
cts sxp default source-ip <local-source-IP-address>
cts sxp default password <password>
cts sxp connection peer <SXP-Peer-IP> password default mode local both 

or

cts sxp connection peer <SXP-Peer-IP> password default mode local both vrf <vrf-name>
Optional:
cts sxp log binding-changes

USEFUL SHOW COMMANDS

show cts sxp connection 
show cts sxp connection brief
show cts sxp sgt-map brief
show cts role-based sgt-map all