Name: Cisco TrustSec
Brand: Cisco
Rating: 4 (1 reviews)

To Next Page

To Previous Page

CHAPTER

3-1

Cisco TrustSec Configuration Guide

OL-22192-02

Configuring Identities, Connections, and SGTs

Revised: October 7, 2013, OL-22192-02

This section includes the following topics:

• Cisco TrustSec Identity Configuration Feature Histories, page 3-1

• Configuring Credentials and AAA for a Cisco TrustSec Seed Device, page 3-2

• Configuring Credentials and AAA for a Cisco TrustSec Non-Seed Device, page 3-3

• Enabling Cisco TrustSec Authentication and MACsec in 802.1X Mode on an Uplink Port, page 3-5

• Configuring Cisco TrustSec and MACsec in Manual Mode on an Uplink Port, page 3-6

• Regenerating SAP Key on an Interface, page 3-9

• Verifying the Cisco TrustSec Interface Configuration, page 3-9

• Manually Configuring a Device SGT, page 3-11

• Manually Configuring IP-Address-to-SGT Mapping, page 3-12

• Manually Configuring a Device SGT, page 3-11

• Configuring Additional Authentication Server-Related Parameters, page 3-23

• Automatically Configuring a New or Replacement Password with the Authentication Server,

page 3-24

Cisco TrustSec Identity Configuration Feature Histories

For a list of supported TrustSec features per platform and the minimum required IOS release, see

the Cisco TrustSec Platform Support Matrix at the following URL:

http://www.cisco.com/en/US/solutions/ns170/ns896/ns1051/trustsec_matrix.html

Otherwise, see product release notes for detailed feature introduction information.

Questions and Answers:

Need help?

Do you have a question about the Cisco TrustSec and is the answer not in the manual?

Cisco TrustSec Specifications

General

Category	Network Security
Functionality	Provides role-based access control, network segmentation, and policy enforcement.
Key Components	Security Group Tags (SGT), Security Exchange Protocol (SXP).
Authentication Methods	802.1X, MAC Authentication Bypass (MAB), Web Authentication
Security Group Tagging (SGT)	Assigns security group tags to users and devices for identity-based segmentation.
Security Exchange Protocol (SXP)	A protocol used to propagate SGT information across network devices.
Policy Enforcement	Enforces security policies based on SGTs and SGACLs.
Benefits	Enhanced security, simplified policy management, and improved compliance.
Encryption	Supports encryption for data in transit through IPsec and MACsec.
Scalability	Scalable to large enterprise networks with thousands of devices.
Compatibility	Compatible with a wide range of Cisco network devices.
Description	Cisco TrustSec is a security architecture framework designed to build secure networks. It uses identity-based access control to segment the network and enforce policies based on user roles and device types, rather than relying solely on IP addresses.