In this video, we’re going to walk through the configuration of SGT Exchange Protocol (SXP). We’ll first configure it between two switches that are separated by a non-Trustsec-capable device and then we’ll configure it between the switches and ISE.
SWITCH CONFIGURATION
cts sxp enable
cts sxp default source-ip <local-source-IP-address>
cts sxp default password <password>
cts sxp connection peer <SXP-Peer-IP> password default mode local both or
cts sxp connection peer <SXP-Peer-IP> password default mode local both vrf <vrf-name>Optional:
cts sxp log binding-changesUSEFUL SHOW COMMANDS
show cts sxp connection show cts sxp connection briefshow cts sxp sgt-map briefshow cts role-based sgt-map all