Name: Cisco TrustSec
Brand: Cisco
Rating: 4 (1 reviews)

To Next Page

To Previous Page

Contents

Cisco TrustSec Configuration Guide

OL-22192-01

Configuring the Cisco TrustSec Solution 2-1

Configuration Overview 2-1

Cisco TrustSec Configuration How-to Documents 2-1

Supported Hardware and Software 2-2

Prerequisites for Cisco TrustSec 2-2

Cisco TrustSec Guidelines and Limitations 2-3

Default Settings 2-3

Additional Documentation 2-3

Release-Specific Documents 2-3

Platform-Specific Documents 2-4

Cisco IOS TrustSec Documentation Set 2-5

Configuring Identities, Connections, and SGTs 3-1

Cisco TrustSec Identity Configuration Feature Histories 3-1

Configuring Credentials and AAA for a Cisco TrustSec Seed Device 3-2

Configuration Examples for Seed Device 3-3

Configuring Credentials and AAA for a Cisco TrustSec Non-Seed Device 3-3

Configuration Examples for Non-Seed Device 3-4

Enabling Cisco TrustSec Authentication and MACsec in 802.1X Mode on an Uplink Port 3-5

Configuration Examples for 802.1X on Uplink Port 3-6

Configuring Cisco TrustSec and MACsec in Manual Mode on an Uplink Port 3-6

Configuration Examples for Manual Mode and MACsec on an Uplink Port 3-8

Regenerating SAP Key on an Interface 3-9

Verifying the Cisco TrustSec Interface Configuration 3-9

Manually Configuring a Device SGT 3-11

Configuration Examples for Manually Configuring a Device SGT 3-11

Manually Configuring IP-Address-to-SGT Mapping 3-12

Subnet to SGT Mapping 3-12

Default Settings 3-12

Configuring Subnet to SGT Mapping 3-12

Verifying Subnet to SGT Mapping Configuration 3-15

Configuration Examples for Subnet to SGT Mapping 3-15

VLAN to SGT Mapping 3-16

Default Settings 3-17

Configuring VLAN to SGT Mapping 3-17

Verifying VLAN to SGT Mapping 3-19

Configuration Example for VLAN to SGT Mapping for a Single Host Over an Access Link 3-19

Questions and Answers:

Need help?

Do you have a question about the Cisco TrustSec and is the answer not in the manual?

Cisco TrustSec Specifications

General

Category	Network Security
Functionality	Provides role-based access control, network segmentation, and policy enforcement.
Key Components	Security Group Tags (SGT), Security Exchange Protocol (SXP).
Authentication Methods	802.1X, MAC Authentication Bypass (MAB), Web Authentication
Security Group Tagging (SGT)	Assigns security group tags to users and devices for identity-based segmentation.
Security Exchange Protocol (SXP)	A protocol used to propagate SGT information across network devices.
Policy Enforcement	Enforces security policies based on SGTs and SGACLs.
Benefits	Enhanced security, simplified policy management, and improved compliance.
Encryption	Supports encryption for data in transit through IPsec and MACsec.
Scalability	Scalable to large enterprise networks with thousands of devices.
Compatibility	Compatible with a wide range of Cisco network devices.
Description	Cisco TrustSec is a security architecture framework designed to build secure networks. It uses identity-based access control to segment the network and enforce policies based on user roles and device types, rather than relying solely on IP addresses.