Configuring SGT Exchange Protocol Connection


About SXP Connection

You can use the Security Group Tag (SGT) Exchange Protocol (SXP) to propagate the SGTs across network devices that do not have hardware support for Cisco TrustSec.

In Cisco UCS Director, SXP connection is supported on the following Cisco network devices:

  • Cisco Nexus 1000 Series switches
  • Cisco Nexus 5000, 5500, and 5672 Series switches
  • Cisco Nexus 7000 Series switches
  • Cisco ASA 5500 Series firewall
  • Cisco Adaptive Security Virtual Appliance (ASAv)

Configuring an SXP Peer Connection

You must configure the SXP peer connection on both devices. One device is the speaker and the other is the listener. When using password protection, use the same password on both ends.


Note


If a default SXP source IP address is not configured and you do not configure an SXP source address in the connection, the Cisco TrustSec software derives the SXP source IP address from existing local IP addresses. The SXP source address might be different for each TCP connection initiated from the switch.



    Step 1   Choose Physical > Network.
    Step 2   On the Network page, choose the pod.
    Step 3   Select the network device to be configured.
    Note    To configure an SXP peer connection on Cisco Nexus 7000 Series switches, click the VDC tab, choose the Ethernet type VDC, and click View Details.
    Step 4   Click SXP Connection Peers.
    Step 5   Click Add.
    Step 6   In the Configure SXP Connection Peer screen, complete the required fields, including the following:
    Name Description

    Enable SXP check box

    Check the check box to enable SXP.

    Default Source IP Address field

    The IP address of the default source device.

    Note   

    If no address is specified, the connection uses the default source address, if configured, or the address of the port.

    Default Password field

    The password that SXP uses for the connection.

    Peer IP Address field

    The IP address of the peer device.

    Source IP Address field

    The IP address of the source device.

    Password Option drop-down list

    Choose one of the following as the password option:

    • None—Do not use a password.

    • Default—Use the default SXP password.

    Mode drop-down list

    Choose one of the following modes to specify the role of the remote peer device:

    • Peer—The specified mode refers to the peer device.

    • Local—The specified mode refers to the local device.

    VRF field

    The Virtual Routing and Forwarding (VRF) instance used to reach the peer.

    Role drop-down list

    Choose one of the following as the role of the device:

    • Listener—Default. Specifies that the device is the listener in the connection.

    • Speaker—Specifies that the device is the speaker in the connection.

    Copy Running configuration to Startup configuration check box

    Check the check box to copy the running configuration to the startup configuration.

    Step 7   Click Submit.
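
The requirements above (complementary speaker and listener roles, the same password on both ends, and a predictable source address) can be checked before submitting the two forms. The following is an added example, not Cisco UCS Director code: the SxpEnd model, its attribute names, the reading of Mode as selecting whose role the Role field describes, and the rule that each end's peer IP should equal the other end's source IP are assumptions, and the sample values are constructed.

```python
from dataclasses import dataclass
from typing import List, Optional

@dataclass
class SxpEnd:
    """One end of an SXP connection; attributes mirror the form fields (hypothetical model)."""
    device: str
    peer_ip: str
    role: str                                # "Listener" or "Speaker"
    mode: str = "Local"                      # "Local": role is this device's; "Peer": role is the peer's
    password_option: str = "None"            # "None" or "Default"
    source_ip: Optional[str] = None
    default_source_ip: Optional[str] = None
    default_password: Optional[str] = None

    def local_role(self) -> str:
        # Resolve the role this device itself plays, whatever Mode was chosen.
        if self.mode == "Local":
            return self.role
        return "Speaker" if self.role == "Listener" else "Listener"

def check_pair(a: SxpEnd, b: SxpEnd) -> List[str]:
    """Return the mismatches that would stop the two ends from forming one connection."""
    problems = []
    if a.local_role() == b.local_role():
        problems.append(f"both ends act as {a.local_role()}")
    if a.password_option != b.password_option:
        problems.append("password option differs between ends")
    elif a.password_option == "Default" and (
            not a.default_password or a.default_password != b.default_password):
        problems.append("default password missing or not identical")
    for local, remote in ((a, b), (b, a)):
        # Connection source address falls back to the default source address.
        src = local.source_ip or local.default_source_ip
        if src is None:
            problems.append(f"{local.device}: source IP is derived, may vary per connection")
        elif src != remote.peer_ip:
            problems.append(f"{remote.device}: peer IP {remote.peer_ip} != {local.device} source {src}")
    return problems

# Constructed sample values (documentation address range, placeholder password).
n7k = SxpEnd("n7k", peer_ip="192.0.2.20", role="Speaker", source_ip="192.0.2.10",
             password_option="Default", default_password="example-only")
asa = SxpEnd("asa", peer_ip="192.0.2.10", role="Speaker", mode="Peer",
             password_option="Default", default_password="example-only")

if __name__ == "__main__":
    for line in check_pair(n7k, asa):
        print(line)
```

An empty list from check_pair means the two forms agree on roles, password option, and addressing.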