EasyManuals Logo

Cisco TrustSec User Manual

Cisco TrustSec
208 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #199 background imageLoading...
Page #199 background image
C-5
Cisco TrustSec Configuration Guide
OL-22192-01
Appendix C Notes for Catalyst 6500 Series Switches
FIPS Support
Prerequisites for FIPS Configuration
Disable Telnet. Users should log in using Secure Shell (SSH) only.
Disable SNMPv1 and v2. Any existing user accounts on the device that have been configured for
SNMPv3 should be configured only with SHA for authentication and AES/3DES for privacy.
Delete all SSH server RSA1 key-pairs.
Guidelines and Limitations for FIPS
The RADIUS keywrap feature works only with Cisco Identity Services Engine 1.1 or Cisco ACS
Release 5.2 or later releases.
HTTPS/TLS access to the module is allowed in FIPS approved mode of operation, using
SSLv3.1/TLSv1.0 and a FIPS approved algorithm.
SSH access to the module is allowed in FIPS approved mode of operation, using SSHv2 and a FIPS
approved algorithm. Many SSH clients provide cryptographic libraries that can be set to FIPS Mode,
making all cryptographic operations FIPS 140-2 Level 2 compliant.
Your passwords must have a minimum of eight alphanumeric characters including at least one letter
and at least one number character.
Default Settings for FIPS
The default is FIPS mode disabled, RADIUS keywrap disabled.

Table of Contents

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the Cisco TrustSec and is the answer not in the manual?

Cisco TrustSec Specifications

General IconGeneral
CategoryNetwork Security
FunctionalityProvides role-based access control, network segmentation, and policy enforcement.
Key ComponentsSecurity Group Tags (SGT), Security Exchange Protocol (SXP).
Authentication Methods802.1X, MAC Authentication Bypass (MAB), Web Authentication
Security Group Tagging (SGT)Assigns security group tags to users and devices for identity-based segmentation.
Security Exchange Protocol (SXP)A protocol used to propagate SGT information across network devices.
Policy EnforcementEnforces security policies based on SGTs and SGACLs.
BenefitsEnhanced security, simplified policy management, and improved compliance.
EncryptionSupports encryption for data in transit through IPsec and MACsec.
ScalabilityScalable to large enterprise networks with thousands of devices.
CompatibilityCompatible with a wide range of Cisco network devices.
DescriptionCisco TrustSec is a security architecture framework designed to build secure networks. It uses identity-based access control to segment the network and enforce policies based on user roles and device types, rather than relying solely on IP addresses.

Related product manuals