Name: Cisco TrustSec
Brand: Cisco
Rating: 4 (1 reviews)

To Next Page

To Previous Page

1-11

Cisco TrustSec Configuration Guide

OL-22192-01

Chapter 1 Cisco TrustSec Overview

Information about Cisco TrustSec Architecture

The NDAC and SAP negotiation process is shown in Figure 1-5.

Figure 1-5 NDAC and SAP Negotiation

Environment Data Download

The Cisco TrustSec environment data is a collection of information or policies that assists a device to

function as a Cisco TrustSec node. The device acquires the environment data from the authentication

server when the device first joins a Cisco TrustSec domain, although you might also manually configure

some of the data on a device. For example, you must configure the seed Cisco TrustSec device with the

authentication server information, which can later be augmented by the server list that the device

acquires from the authentication server.

The device must refresh the Cisco TrustSec environment data before it expires. The device can also cache

the environment data and reuse it after a reboot if the data has not expired.

The device uses RADIUS to acquire the following environment data from the authentication server:

• Server lists—List of servers that the client can use for future RADIUS requests (for both

authentication and authorization).

• Device SG—Security group to which the device itself belongs.

• Expiry timeout—Interval that controls how often the Cisco TrustSec device should refresh its

environment data.

SAP negotiation

authentication

authorization

authentication

supplican

Supplicant

Authentication Authentication

Authorization

SAP negotiation

authentication

authorization

AT AS

Authentication Authentication

Authorization

187007

Questions and Answers:

Need help?

Do you have a question about the Cisco TrustSec and is the answer not in the manual?

Cisco TrustSec Specifications

General

Category	Network Security
Functionality	Provides role-based access control, network segmentation, and policy enforcement.
Key Components	Security Group Tags (SGT), Security Exchange Protocol (SXP).
Authentication Methods	802.1X, MAC Authentication Bypass (MAB), Web Authentication
Security Group Tagging (SGT)	Assigns security group tags to users and devices for identity-based segmentation.
Security Exchange Protocol (SXP)	A protocol used to propagate SGT information across network devices.
Policy Enforcement	Enforces security policies based on SGTs and SGACLs.
Benefits	Enhanced security, simplified policy management, and improved compliance.
Encryption	Supports encryption for data in transit through IPsec and MACsec.
Scalability	Scalable to large enterprise networks with thousands of devices.
Compatibility	Compatible with a wide range of Cisco network devices.
Description	Cisco TrustSec is a security architecture framework designed to build secure networks. It uses identity-based access control to segment the network and enforce policies based on user roles and device types, rather than relying solely on IP addresses.