To enter the Cisco TrustSec Security Group Tag (SGT) Exchange Protocol (CTS-SXP) peer IP address, to specify if a password is used for the peer connection, to specify the global hold-time period for a listener or speaker device, and to specify if the connection is bidirectional, use the cts sxp connection peer command in global configuration mode. To remove these configurations for a peer connection, use the no form of this command.
cts sxp connection peer ipv4-address {source | password} {default | none} mode {local | peer} [[[listener | speaker] [hold-time minimum-time maximum-time | vrf vrf-name]] | both [vrf vrf-name]]
Syntax Description
ipv4-address | SXP peer IPv4 address.
source | Specifies the source IPv4 address.
password | Specifies that an SXP password is used for the peer connection.
default | Specifies that the default SXP password is used.
none | Specifies that no password is used.
mode | Specifies either the local or peer SXP connection mode.
local | Specifies that the SXP connection mode refers to the local device.
peer | Specifies that the SXP connection mode refers to the peer device.
listener | (Optional) Specifies that the device is the listener in the connection.
speaker | (Optional) Specifies that the device is the speaker in the connection.
hold-time minimum-time maximum-time | (Optional) Specifies the hold-time period, in seconds, for the device. The range for minimum and maximum time is from 0 to 65535. A maximum-time value is required only when you use the following keywords: peer speaker and local listener. In other instances, only a minimum-time value is required. Note: If both minimum and maximum times are required, the maximum-time value must be greater than or equal to the minimum-time value.
vrf vrf-name | (Optional) Specifies the virtual routing and forwarding (VRF) instance name to the peer.
both | (Optional) Specifies that the device is both the speaker and the listener in the bidirectional SXP connection.
Command Default
The CTS-SXP peer IP address is not configured and no CTS-SXP peer password is used for the peer connection.
The default setting for a CTS-SXP connection password is none.
Command Modes
Global configuration (config)
Command History
Release | Modification
Cisco IOS XE Fuji 16.9.2 | This command was introduced.
Usage Guidelines
When a CTS-SXP connection to a peer is configured with the cts sxp connection peer command, only the connection mode can be changed. The vrf keyword is optional. If a VRF name is not provided or a VRF name is provided with the default keyword, then the connection is set up in the default routing or forwarding domain.
A hold-time maximum-period value is required only when you use the following keywords: peer speaker and local listener. In other instances, only a hold-time minimum-period value is required.
Note: The maximum-period value must be greater than or equal to the minimum-period value.
Use the both keyword to configure a bidirectional SXP connection. With the support for bidirectional SXP configuration, a peer can act as both a speaker and a listener and propagate SXP bindings in both directions using a single connection.
Examples
The following example shows how to enable CTS-SXP and configure the CTS-SXP peer connection on Device_A, a speaker, for connection to Device_B, a listener:
Device_A> enable
Device_A# configure terminal
Device_A(config)# cts sxp enable
Device_A(config)# cts sxp default password Cisco123
Device_A(config)# cts sxp default source-ip 10.10.1.1
Device_A(config)# cts sxp connection peer 10.20.2.2 password default mode local speaker
The following example shows how to configure the CTS-SXP peer connection on Device_B, a listener, for connection to Device_A, a speaker:
Device_B> enable
Device_B# configure terminal
Device_B(config)# cts sxp enable
Device_B(config)# cts sxp default password Cisco123
Device_B(config)# cts sxp default source-ip 10.20.2.2
Device_B(config)# cts sxp connection peer 10.10.1.1 password default mode local listener
You can also configure both peer and source IP addresses for an SXP connection. The source IP address specified in the cts sxp connection command overwrites the default value.
Device_A(config)# cts sxp connection peer 51.51.51.1 source 51.51.51.2 password none mode local speaker
Device_B(config)# cts sxp connection peer 51.51.51.2 source 51.51.51.1 password none mode local listener
The following example shows how to enable bidirectional CTS-SXP and configure the SXP peer connection on Device_A to connect to Device_B:
Device_A> enable
Device_A# configure terminal
Device_A(config)# cts sxp enable
Device_A(config)# cts sxp default password Cisco123
Device_A(config)# cts sxp default source-ip 10.10.1.1
Device_A(config)# cts sxp connection peer 10.20.2.2 password default mode local both
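The hold-time and password rules stated on this page can be checked against a saved configuration before it is deployed. The following Python sketch is an added example, not Cisco code: the function names, the finding texts and the 192.0.2.x lines are constructed, and the keyword order it accepts is assumed from the examples above.

```python
import re

IP = r"\d{1,3}(?:\.\d{1,3}){3}"
# Keyword order follows the examples on this page (an assumption of this sketch).
CONN = re.compile(
    rf"cts sxp connection peer {IP}(?: source {IP})?"
    r" password (?P<pw>default|none) mode (?P<mode>local|peer)"
    r"(?: (?P<role>listener|speaker|both))?"
    r"(?: hold-time (?P<hmin>\d+)(?: (?P<hmax>\d+))?| vrf \S+)?")
# Mode/role pairs for which the page requires a maximum-time value.
NEEDS_MAX = {("peer", "speaker"), ("local", "listener")}

def audit_connection(line):
    """Return findings for one 'cts sxp connection peer' line."""
    m = CONN.fullmatch(" ".join(line.split()))
    if m is None:
        return ["does not match the documented syntax"]
    out = []
    if m["pw"] == "none":
        out.append("password none: peer connection has no SXP password")
    times = [int(t) for t in (m["hmin"], m["hmax"]) if t is not None]
    if any(t > 65535 for t in times):
        out.append("hold-time outside 0-65535")
    if times and (m["mode"], m["role"]) in NEEDS_MAX and len(times) < 2:
        out.append("maximum-time required for this mode and role")
    if len(times) == 2 and times[1] < times[0]:
        out.append("maximum-time is less than minimum-time")
    return out

def audit_config(text):
    """Audit each SXP connection line of a config; returns {line: findings}."""
    lines = [" ".join(ln.split()) for ln in text.splitlines()]
    has_default = any(ln.startswith("cts sxp default password ") for ln in lines)
    report = {}
    for ln in (ln for ln in lines if ln.startswith("cts sxp connection peer ")):
        found = audit_connection(ln)
        if " password default " in ln and not has_default:
            found.append("password default used, no default password set")
        if found:
            report[ln] = found
    return report

# Constructed sample: the 10.20.2.2 and 51.51.51.1 lines reuse the page's examples.
SAMPLE = """\
cts sxp connection peer 10.20.2.2 password default mode local speaker
cts sxp connection peer 51.51.51.1 source 51.51.51.2 password none mode local speaker
cts sxp connection peer 192.0.2.7 password default mode local listener hold-time 120
cts sxp connection peer 192.0.2.8 password default mode peer speaker hold-time 300 100
"""
```

audit_config(SAMPLE) returns a dictionary keyed by the offending configuration line; a line with no findings is omitted.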