Security Group Tag Exchange Protocol - Exam 400-251: CCIE Security Written Exam - Cisco

Security Group Tag Exchange Protocol


Question

Which three statements about Security Group Tag Exchange Protocol are true? (Choose three.)

Answers

A. SXP runs on UDP port 64999.
B. A connection is established between a "listener" and a "speaker."
C. It propagates the IP-to-SGT binding table across network devices that do not have the ability to perform SGT tagging at Layer 2 to devices that support it.
D. SXP is supported across multiple hops.
E. SXPv2 introduces connection security via TLS.

BCD.

Explanations

The Security Group Tag Exchange Protocol (SXP) is a Cisco proprietary protocol that enables the exchange of Security Group Tags (SGTs) between network devices. SGTs are used to identify and enforce access control policies based on user groups rather than IP addresses.

Here are the three statements that are true about SXP:

B. A connection is established between a "listener" and a "speaker." SXP uses a "listener-speaker" model to establish a connection between two network devices. The "listener" is the device that receives SGT information, and the "speaker" is the device that sends SGT information. The listener and speaker must be configured with the same SXP settings, including the source and destination IP addresses and the shared secret. Once the connection is established, the listener and speaker exchange SGT information.

C. It propagates the IP-to-SGT binding table across network devices that do not have the ability to perform SGT tagging at Layer 2 to devices that support it. SXP enables the propagation of the IP-to-SGT binding table across network devices. This allows devices that do not support SGT tagging at Layer 2 to enforce access control policies based on SGTs. SXP achieves this by exchanging SGT information between the listener and speaker devices. When a device receives an IP packet with an SGT, it can use the IP-to-SGT binding table to enforce access control policies based on the SGT.
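As an added example (not Cisco's code and not part of the original page), the following Python model shows the listener side described in B and C: it accepts IP-to-SGT bindings only from its configured speaker, resolves a packet's source address to an SGT by longest-prefix match, and enforces a policy keyed by SGT pair rather than by IP address. The peer addresses, prefixes, tags and policy matrix are constructed for the example.

```python
import ipaddress
from dataclasses import dataclass, field

# Constructed sample bindings learned on the speaker: prefix -> SGT.
SPEAKER_BINDINGS = {
    "10.1.10.0/24": 10,   # employee subnet
    "10.1.10.77/32": 20,  # one contractor host inside that subnet
    "10.2.0.0/16": 30,    # server subnet
}
# Constructed SGACL-style matrix: (source SGT, destination SGT) -> permit.
# Any pair not listed is denied.
POLICY = {(10, 30): True, (20, 30): False}

@dataclass
class SxpListener:
    """Listener end of one SXP connection (hypothetical model, not Cisco code)."""
    peer: str                                 # the configured speaker
    bindings: dict = field(default_factory=dict)

    def receive(self, src_peer: str, updates: dict) -> int:
        """Merge bindings pushed by the speaker; ignore unconfigured peers."""
        if src_peer != self.peer:
            return 0
        for prefix, sgt in updates.items():
            self.bindings[ipaddress.ip_network(prefix)] = sgt
        return len(updates)

    def lookup_sgt(self, ip: str):
        """Resolve an address to its SGT by longest-prefix match."""
        addr = ipaddress.ip_address(ip)
        hits = [n for n in self.bindings if addr in n]
        return self.bindings[max(hits, key=lambda n: n.prefixlen)] if hits else None

    def permitted(self, src_ip: str, dst_ip: str) -> bool:
        """Decide by SGT pair, not by IP address; unknown tags are denied."""
        src, dst = self.lookup_sgt(src_ip), self.lookup_sgt(dst_ip)
        if src is None or dst is None:
            return False
        return POLICY.get((src, dst), False)

def demo() -> SxpListener:
    listener = SxpListener(peer="192.0.2.1")
    listener.receive("192.0.2.1", SPEAKER_BINDINGS)       # accepted
    listener.receive("198.51.100.9", {"0.0.0.0/0": 10})   # dropped: unknown peer
    return listener

if __name__ == "__main__":
    l = demo()
    print(l.lookup_sgt("10.1.10.5"), l.permitted("10.1.10.5", "10.2.1.1"))    # 10 True
    print(l.lookup_sgt("10.1.10.77"), l.permitted("10.1.10.77", "10.2.1.1"))  # 20 False
```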

E. SXPv2 introduces connection security via TLS. SXPv2 is an updated version of SXP that includes support for connection security via Transport Layer Security (TLS). TLS is a cryptographic protocol that provides secure communication over the internet. SXPv2 uses TLS to encrypt SXP messages and to authenticate the listener and speaker devices. This helps to prevent unauthorized access to SXP messages and to ensure that SXP messages are not tampered with in transit.

The following statements are false:

A. SXP runs on UDP port 64999. SXP actually runs on TCP port 64999, not UDP.

D. SXP is supported across multiple hops. SXP is not supported across multiple hops. Each SXP connection is between a single listener and a single speaker device. If SXP needs to be propagated to another device, a separate connection must be established between the new listener and speaker devices.