iii
Cisco TrustSec Configuration Guide
OL-22192-01
CONTENTS
Preface ix
Cisco TrustSec Overview 1-1
    Information about Cisco TrustSec Architecture 1-1
    Authentication 1-3
        Cisco TrustSec and Authentication 1-3
        Device Identities 1-6
        Device Credentials 1-6
        User Credentials 1-6
    Security Group-Based Access Control 1-7
        Security Groups and SGTs 1-7
        SGACL Policies 1-7
        Ingress Tagging and Egress Enforcement 1-8
        Determining the Source Security Group 1-9
        Determining the Destination Security Group 1-10
        SGACL Enforcement on Routed and Switched Traffic 1-10
    Authorization and Policy Acquisition 1-10
        Environment Data Download 1-11
        RADIUS Relay Functionality 1-12
    Link Security 1-12
    Using Cisco TrustSec-Incapable Devices and Networks in a Cisco TrustSec Network 1-13
        SXP for SGT Propagation Across Legacy Access Networks 1-13
        Layer 3 SGT Transport for Spanning Non-TrustSec Regions 1-14
        Cisco TrustSec Reflector for Cisco TrustSec-Incapable Switching Modules 1-15
            Ingress Reflector 1-16
            Egress Reflector 1-16
        VRF-Aware SXP 1-17
            Layer 2 VRF-Aware SXP and VRF Assignment 1-17