2-3
Cisco TrustSec Configuration Guide
OL-22192-01
Chapter 2 Configuring the Cisco TrustSec Solution
Additional Documentation
Cisco TrustSec Guidelines and Limitations
Cisco TrustSec has the following guidelines and limitations for Catalyst switches:
• AAA for Cisco TrustSec uses RADIUS and is supported only by the Cisco Secure Access Control
System (ACS), version 5.1 or later.
• You must enable the 802.1X feature globally for Cisco TrustSec to perform NDAC authentication.
If you disable 802.1X globally, you will disable NDAC.
• Cisco TrustSec is supported only on physical interfaces, not on logical interfaces.
• Cisco TrustSec does not support IPv6 in the releases referenced in this guide.
• If the default password is configured on a switch, the connection on that switch should configure the
password to use the default password. If the default password is not configured on a switch, the
connection on that switch should also not configure a password. The configuration of the password
option should be consistent across the deployment network.
• Configure the retry open timer command to a different value on different switches.
Default Settings
Table 2-1 lists the default settings for Cisco TrustSec parameters.
Additional Documentation
Release-Specific Documents
Table 2-1 Default Cisco TrustSec Parameters
Parameters Default
Cisco TrustSec Disabled.
SXP Disabled.
SXP default password None.
SXP reconciliation period 120 seconds (2 minutes).
SXP retry period 60 seconds (1 minute).
Cisco TrustSec Caching Disabled.
Release-Specific Document Title TrustSec Topics
Release Notes for Cisco TrustSec General
Availability Releases
• Open and resolved caveats
• Current hardware and software support
To Next Page
Loading...
Need help?
General