Name: Cisco TrustSec
Brand: Cisco
Rating: 4 (1 reviews)

To Next Page

To Previous Page

3-10

Cisco TrustSec Configuration Guide

OL-22192-02

Chapter 3 Configuring Identities, Connections, and SGTs

Verifying the Cisco TrustSec Interface Configuration

Peer identity: "sanjose"

Peer's advertised capabilities: ""

802.1X role: Supplicant

Reauth period applied to link: Not applicable to Supplicant role

Authorization Status: SUCCEEDED

Peer SGT: 11

Peer SGT assignment: Trusted

SAP Status: NOT APPLICABLE

Configured pairwise ciphers:

gcm-encrypt

null

Replay protection: enabled

Replay protection mode: OUT-OF-ORDER

Selected cipher:

Cache Info:

Expiration : 23:32:40 PDT Jun 22 2009

Cache applied to link : NONE

Expiration : 23:32:40 PDT Jun 22 2009

Statistics:

authc success: 1

authc reject: 0

authc failure: 0

authc no response: 0

authc logoff: 0

sap success: 0

sap fail: 0

authz success: 1

authz fail: 0

port auth fail: 0

Dot1x Info for GigabitEthernet3/1

-----------------------------------

PAE = SUPPLICANT

StartPeriod = 30

AuthPeriod = 30

HeldPeriod = 60

MaxStart = 3

Credentials profile = CTS-ID-profile

EAP profile = CTS-EAP-profile

Dot1x Info for GigabitEthernet3/1

-----------------------------------

PAE = AUTHENTICATOR

PortControl = FORCE_AUTHORIZED

ControlDirection = Both

HostMode = SINGLE_HOST

QuietPeriod = 60

ServerTimeout = 0

SuppTimeout = 55

ReAuthMax = 2

MaxReq = 2

TxPeriod = 30

Example: Cisco 3850 TrustSec interface query:

Edison24U> show cts interface gig 1/0/6

Global Dot1x feature is Disabled

Interface GigabitEthernet1/0/6:

CTS is enabled, mode: MANUAL

IFC state: INIT

Authentication Status: NOT APPLICABLE

Questions and Answers:

Need help?

Do you have a question about the Cisco TrustSec and is the answer not in the manual?

Cisco TrustSec Specifications

General

Category	Network Security
Functionality	Provides role-based access control, network segmentation, and policy enforcement.
Key Components	Security Group Tags (SGT), Security Exchange Protocol (SXP).
Authentication Methods	802.1X, MAC Authentication Bypass (MAB), Web Authentication
Security Group Tagging (SGT)	Assigns security group tags to users and devices for identity-based segmentation.
Security Exchange Protocol (SXP)	A protocol used to propagate SGT information across network devices.
Policy Enforcement	Enforces security policies based on SGTs and SGACLs.
Benefits	Enhanced security, simplified policy management, and improved compliance.
Encryption	Supports encryption for data in transit through IPsec and MACsec.
Scalability	Scalable to large enterprise networks with thousands of devices.
Compatibility	Compatible with a wide range of Cisco network devices.
Description	Cisco TrustSec is a security architecture framework designed to build secure networks. It uses identity-based access control to segment the network and enforce policies based on user roles and device types, rather than relying solely on IP addresses.