EasyManuals Logo

Cisco Catalyst 3560-X User Manual

Cisco Catalyst 3560-X
1538 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #400 background imageLoading...
Page #400 background image
1-2
Catalyst 3750-X and 3560-X Switch Software Configuration Guide
OL-25303-03
Chapter 1 Cisco TrustSec
Ta b l e 1 C i s c o Tr u s t S e c K e y F e a t u re s
Cisco TrustSec Feature Description
802.1AE Tagging
(MACSec)
Protocol for IEEE 802.1AE-based wire-rate hop-to-hop
Layer 2 encryption.
Between MACSec-capable devices, packets are encrypted on
egress from the transmitting device, decrypted on ingress to
the receiving device, and in the clear within the devices.
This feature is only available between TrustSec
hardware-capable devices.
Endpoint Admission Control
(EAC)
EAC is an authentication process for an endpoint user or a
device connecting to the TrustSec domain. Usually EAC takes
place at the access level switch. Successful authentication and
authorization in the EAC process results in Security Group
Tag assignment for the user or device. Currently EAC can be
802.1X, MAC Authentication Bypass (MAB), and Web
Authentication Proxy (WebAuth).
Network Device Admission Control
(NDAC)
NDAC is an authentication process where each network
device in the TrustSec domain can verify the credentials and
trustworthiness of its peer device. NDAC utilizes an
authentication framework based on IEEE 802.1X port-based
authentication and uses EAP-FAST as its EAP method.
Successful authentication and authorization in NDAC process
results in Security Association Protocol negotiation for IEEE
802.1AE encryption.
Security Group Access Control List
(SGACL)
A Security Group Access Control List (SGACL) associates a
Security Group Tag with a policy. The policy is enforced upon
SGT-tagged traffic egressing the TrustSec domain.
Security Association Protocol
(SAP)
After NDAC authentication, the Security Association
Protocol (SAP) automatically negotiates keys and the cipher
suite for subsequent MACSec link encryption between
TrustSec peers. SAP is defined in IEEE 802.11i.
Security Group Tag
(SGT)
An SGT is a 16-bit single label indicating the security
classification of a source in the TrustSec domain. It is
appended to an Ethernet frame or an IP packet.
SGT Exchange Protocol
(SXP)
Security Group Tag Exchange Protocol (SXP). With SXP,
devices that are not TrustSec-hardware-capable can receive
SGT attributes for authenticated users or devices from the
Cisco Secure Access Control System (ACS). The devices can
forward the sourceIP-to-SGT binding to a
TrustSec-hardware-capable device for tagging and SGACL
enforcement.

Table of Contents

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the Cisco Catalyst 3560-X and is the answer not in the manual?

Cisco Catalyst 3560-X Specifications

General IconGeneral
Enclosure TypeRack-mountable - 1U
SubtypeGigabit Ethernet
Ports48 x 10/100/1000 + 4 x SFP
Flash Memory64 MB
Power DeviceInternal power supply
Voltage RequiredAC 120/230 V (50/60 Hz)
Operating SystemCisco IOS
Device TypeSwitch
PerformanceSwitching capacity: 128 Gbps
Jumbo Frame SupportYes
Routing ProtocolRIP-1, RIP-2, EIGRP
Remote Management ProtocolSNMP 1, RMON 1, RMON 2, RMON 3, RMON 9, Telnet, SNMP 3, HTTP, HTTPS
FeaturesDHCP support, VLAN support, QoS, IPv6 support, Syslog
Compliant StandardsIEEE 802.3, IEEE 802.3u, IEEE 802.3z, IEEE 802.1D, IEEE 802.1Q, IEEE 802.3ab, IEEE 802.1p, IEEE 802.3af, IEEE 802.3x, IEEE 802.3ad, IEEE 802.1w, IEEE 802.1x, IEEE 802.1s, IEEE 802.3ah, IEEE 802.1ag, IEEE 802.3at
StackingStackable
Security FeaturesSSH, RADIUS, TACACS+
ManagementCLI
Dimensions (H x W x D)17.5 in
Operating Temperature32 to 113 °F (0 to 45 °C)
Humidity10 - 95% (non-condensing)

Related product manuals