Name: Cisco TrustSec
Brand: Cisco
Rating: 4 (1 reviews)

To Next Page

To Previous Page

B-1

Cisco TrustSec Configuration Guide

OL-22192-01

APPENDIX

Notes for Catalyst 4500 Series Switches

Revised: April 24, 2013, OL-22192-01

Supported Hardware and Software

For a complete table of features, platforms, and IOS images supported see the latest Product Bulletins

at the following URL:

http://www.cisco.com/en/US/netsol/ns1051/index.html

See also, the Matrix of Cisco TrustSec-Enabled Infrastructure at the following URL:

http://www.cisco.com/en/US/solutions/ns170/ns896/ns1051/trustsec_matrix.html

TrustSec SGT and SGACL Configuration Guidelines and

Limitations

The following guidelines and limitations apply to configuring Cisco TrustSec SGT and SGACL on

Catalyst WS-X45-SUP7-E/SUP7L-E and WS-C4500X-32 switches:

Propagation of Security Group Tag in the CMD header is supported on the supervisor engine uplink

ports, the WS-X47xx series line cards, and the WS-X4640-CSFP-E linecard.

The way Destination Security tag (DGT) is derived for switched traffic (i.e. traffic forwarded between

ports in the same VLAN or subnet) is restricted:

• A maximum of 2000 IP-SGT mappings exists for DGT derivation. Though you can configure

IP-SGT mappings above this limit, such mappings cannot be used to derive DGT for switched

traffic. You can, however, use them to derive DGT for other types of traffic (e.g. routed traffic).

• We cannot derive the DGT using IP subnet to SGT mapping. It can be derived only from IP address

(with a /32 prefix) to SGT mapping.

Note None of the previous restrictions exist for deriving either Source Security Tag (SGT) for any type

of traffic, or DGT for routed traffic (i.e. traffic forwarded between ports of different VLANs or

subnets).

Questions and Answers:

Need help?

Do you have a question about the Cisco TrustSec and is the answer not in the manual?

Cisco TrustSec Specifications

General

Category	Network Security
Functionality	Provides role-based access control, network segmentation, and policy enforcement.
Key Components	Security Group Tags (SGT), Security Exchange Protocol (SXP).
Authentication Methods	802.1X, MAC Authentication Bypass (MAB), Web Authentication
Security Group Tagging (SGT)	Assigns security group tags to users and devices for identity-based segmentation.
Security Exchange Protocol (SXP)	A protocol used to propagate SGT information across network devices.
Policy Enforcement	Enforces security policies based on SGTs and SGACLs.
Benefits	Enhanced security, simplified policy management, and improved compliance.
Encryption	Supports encryption for data in transit through IPsec and MACsec.
Scalability	Scalable to large enterprise networks with thousands of devices.
Compatibility	Compatible with a wide range of Cisco network devices.
Description	Cisco TrustSec is a security architecture framework designed to build secure networks. It uses identity-based access control to segment the network and enforce policies based on user roles and device types, rather than relying solely on IP addresses.