Cisco ASA for Nexus 1000V Series Switch Technical Manual

XML Examples for the Cisco Application Centric Infrastructure Security Device Package, Version 1.2(5)
 
  Support for Cisco TrustSec
Configuring TrustSec SXP to Get a SGT From an AAA-Server
ASA Configuration
cts sxp enable
cts sxp default password *****
cts sxp reconciliation period 60
cts sxp retry period 60
XML Example
test3_trustSecxml='''\
<polUni>
    <fvTenant name="tenant1">
        <vnsLDevVip name="Firewall">
            <vnsDevFolder key="TrustSec" name="TrustSec">
                <vnsDevFolder key="SXP" name="SXP">
                    <vnsDevParam key="default_password" name="default_password" value="cisco123"/>
                    <vnsDevParam key="retry_period" name="retry_period" value="60"/>
                    <vnsDevParam key="enable" name="enable" value="true"/>
                    <vnsDevParam key="reconciliation_period" name="reconciliation_period" value="60"/>
                </vnsDevFolder>
            </vnsDevFolder>
        </vnsLDevVip>
    </fvTenant>
</polUni>
'''
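A pre-push check for the SXP payload above, written as an added example; it is not part of the Cisco document or the device package. The names audit_sxp and SECRET_KEYS are hypothetical, the XML-to-CLI mapping is inferred only from the paired ASA and XML examples on this page, and treating a reused sibling parameter name as an error is an assumption of this sketch.

```python
import xml.etree.ElementTree as ET

# Constructed sample mirroring the SXP folder shown above; the password is a placeholder.
SAMPLE_XML = """\
<polUni>
  <fvTenant name="tenant1">
    <vnsLDevVip name="Firewall">
      <vnsDevFolder key="TrustSec" name="TrustSec">
        <vnsDevFolder key="SXP" name="SXP">
          <vnsDevParam key="default_password" name="default_password" value="EXAMPLE-ONLY"/>
          <vnsDevParam key="retry_period" name="retry_period" value="60"/>
          <vnsDevParam key="enable" name="enable" value="true"/>
          <vnsDevParam key="reconciliation_period" name="reconciliation_period" value="60"/>
        </vnsDevFolder>
      </vnsDevFolder>
    </vnsLDevVip>
  </fvTenant>
</polUni>
"""

SECRET_KEYS = {"default_password"}  # assumption: keys whose values are credentials

def audit_sxp(xml_text):
    """Return (cli_preview, findings) for the folders found in the payload."""
    root = ET.fromstring(xml_text)
    cli, findings = [], []
    for folder in root.iter("vnsDevFolder"):
        # Flag sibling parameters that reuse a name (treated here as an error).
        names = [p.get("name") for p in folder.findall("vnsDevParam")]
        for dup in sorted({n for n in names if names.count(n) > 1}):
            findings.append(f"{folder.get('name')}: duplicate param name '{dup}'")
        if folder.get("key") != "SXP":
            continue
        params = {p.get("key"): p.get("value") for p in folder.findall("vnsDevParam")}
        if params.get("enable") == "true":
            cli.append("cts sxp enable")
        if "default_password" in params:
            cli.append("cts sxp default password *****")  # never echo the secret
        for key in ("reconciliation_period", "retry_period"):
            if key in params:
                if not params[key].isdigit():
                    findings.append(f"SXP: {key} is not an integer: {params[key]!r}")
                cli.append(f"cts sxp {key.replace('_', ' ')} {params[key]}")
        for key in sorted(SECRET_KEYS.intersection(params)):
            findings.append(f"SXP: {key} is stored in clear text in the payload")
    return cli, findings
```

The CLI preview masks the password the same way the ASA configuration listing does, so the output can be logged or attached to a change ticket without carrying the credential.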
Configuring a SXP Listener and Speaker
ASA Configuration
cts sxp connection peer 2001:3030:30::112 password default mode local listener
cts sxp connection peer 192.168.102.240 password default mode local listener
XML Example
test4_trustSecxml='''\
<polUni>
    <fvTenant name="tenant1">
        <vnsLDevVip name="Firewall">
            <vnsDevFolder key="TrustSec" name="TrustSec">
                <vnsDevFolder key="SXP" name="SXP">
                    <vnsDevFolder key="peer" name="peer">
                        <vnsDevParam key="password" name="password" value="default"/>
                        <vnsDevParam key="ip_address" name="ip_address" value="192.168.102.240"/>
                        <vnsDevParam key="mode" name="mode" value="local"/>
                        <vnsDevParam key="role" name="role" value="listener"/>
                    </vnsDevFolder>
                    <vnsDevFolder key="peer" name="peer2">
                        <vnsDevParam key="password" name="password" value="default"/>