
Cisco TrustSec User Manual

Cisco TrustSec
208 pages
Cisco TrustSec Configuration Guide
OL-22192-01
Chapter 2 Configuring the Cisco TrustSec Solution
Cisco TrustSec Guidelines and Limitations
Cisco TrustSec has the following guidelines and limitations for Catalyst switches:
• AAA for Cisco TrustSec uses RADIUS and is supported only by the Cisco Secure Access Control System (ACS), version 5.1 or later.
• You must enable the 802.1X feature globally for Cisco TrustSec to perform NDAC authentication. If you disable 802.1X globally, you will disable NDAC.
• Cisco TrustSec is supported only on physical interfaces, not on logical interfaces.
• Cisco TrustSec does not support IPv6 in the releases referenced in this guide.
• If the default password is configured on a switch, the connection on that switch should configure the password to use the default password. If the default password is not configured on a switch, the connection on that switch should also not configure a password. The configuration of the password option should be consistent across the deployment network.
• Configure the retry open timer command to a different value on different switches.
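
The password guideline above can be checked mechanically across saved switch configurations. The following is an added example, not part of the Cisco guide: it assumes the guideline refers to SXP connections (the defaults table on this page lists an "SXP default password") and assumes the Cisco IOS `cts sxp default password` and `cts sxp connection peer ... password {default | none}` command forms; the switch names, addresses and configs are constructed.

```python
import re

# Constructed configs for three hypothetical switches. The "cts sxp" command
# forms are Cisco IOS syntax assumed here; they are not quoted from the page.
SAMPLE_CONFIGS = {
    "sw-a": """cts sxp enable
cts sxp default password 0 PLACEHOLDER
cts sxp connection peer 10.0.0.2 password default mode local speaker
cts sxp connection peer 10.0.0.3 password none mode local speaker
""",
    "sw-b": """cts sxp enable
cts sxp connection peer 10.0.0.1 password default mode local listener
""",
    "sw-c": """cts sxp enable
cts sxp connection peer 10.0.0.1 password none mode local listener
""",
}

DEFAULT_PW = re.compile(r"^\s*cts sxp default password\b", re.M)
CONNECTION = re.compile(
    r"^\s*cts sxp connection peer (\S+)(?: source \S+)? password (default|none)\b",
    re.M)


def audit_switch(name, config):
    """Flag connections whose password option disagrees with whether
    this switch has a default password configured."""
    expected = "default" if DEFAULT_PW.search(config) else "none"
    return [(name, peer, option, expected)
            for peer, option in CONNECTION.findall(config)
            if option != expected]


def audit_deployment(configs):
    """Return (per-connection findings, mixed), where mixed is True when some
    switches set a default password and others do not (read here, as an
    assumption, as the deployment-wide consistency the guideline asks for)."""
    findings = []
    for name in sorted(configs):
        findings.extend(audit_switch(name, configs[name]))
    states = {bool(DEFAULT_PW.search(c)) for c in configs.values()}
    return findings, len(states) > 1


if __name__ == "__main__":
    findings, mixed = audit_deployment(SAMPLE_CONFIGS)
    for name, peer, option, expected in findings:
        print(f"{name}: peer {peer} has 'password {option}', expected '{expected}'")
    print("default password set on only some switches:", mixed)
```
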

Default Settings
Table 2-1 lists the default settings for Cisco TrustSec parameters.

Table 2-1 Default Cisco TrustSec Parameters
Parameters                  Default
--------------------------  ------------------------
Cisco TrustSec              Disabled.
SXP                         Disabled.
SXP default password        None.
SXP reconciliation period   120 seconds (2 minutes).
SXP retry period            60 seconds (1 minute).
Cisco TrustSec Caching      Disabled.

Additional Documentation
Release-Specific Documents
Release-Specific Document Title                                  TrustSec Topics
---------------------------------------------------------------  ---------------------------------------
Release Notes for Cisco TrustSec General Availability Releases   Open and resolved caveats
                                                                 Current hardware and software support


Cisco TrustSec Specifications

General
Category: Network Security
Functionality: Provides role-based access control, network segmentation, and policy enforcement.
Key Components: Security Group Tags (SGT), Security Exchange Protocol (SXP).
Authentication Methods: 802.1X, MAC Authentication Bypass (MAB), Web Authentication
Security Group Tagging (SGT): Assigns security group tags to users and devices for identity-based segmentation.
Security Exchange Protocol (SXP): A protocol used to propagate SGT information across network devices.
Policy Enforcement: Enforces security policies based on SGTs and SGACLs.
Benefits: Enhanced security, simplified policy management, and improved compliance.
Encryption: Supports encryption for data in transit through IPsec and MACsec.
Scalability: Scalable to large enterprise networks with thousands of devices.
Compatibility: Compatible with a wide range of Cisco network devices.
Description: Cisco TrustSec is a security architecture framework designed to build secure networks. It uses identity-based access control to segment the network and enforce policies based on user roles and device types, rather than relying solely on IP addresses.
