EasyManuals Logo

Cisco TrustSec User Manual

Cisco TrustSec
208 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #47 background imageLoading...
Page #47 background image
3-11
Cisco TrustSec Configuration Guide
OL-22192-02
Chapter 3 Configuring Identities, Connections, and SGTs
Manually Configuring a Device SGT
Peer identity: "unknown"
Peer's advertised capabilities: ""
Authorization Status: NOT APPLICABLE
SAP Status: NOT APPLICABLE
Propagate SGT: Enabled
Cache Info:
Expiration : N/A
Cache applied to link : NONE
Statistics:
authc success: 0
authc reject: 0
authc failure: 0
authc no response: 0
authc logoff: 0
sap success: 0
sap fail: 0
authz success: 0
authz fail: 0
port auth fail: 0
L3 IPM: disabled.
Manually Configuring a Device SGT
In normal Cisco TrustSec operation, the authentication server assigns an SGT to the device for packets
originating from the device. You can manually configure an SGT to be used if the authentication server
is not accessible, but an authentication server-assigned SGT will take precedence over a
manually-assigned SGT.
To manually configure an SGT on the device, perform this task:
Detailed Steps for Catalyst 6500, 3850, 3750-X
Configuration Examples for Manually Configuring a Device SGT
Catalyst 6500, Catalyst 3850, and Catalyst 3750-X:
Switch# configure terminal
Switch(config)# cts sgt 1234
Switch(config)# exit
Command Purpose
Step 1
Switch# configure terminal
Enters global configuration mode.
Step 2
Switch(config)# cts sgt tag
Configures the SGT for packets sent from the device.
The tag argument is in decimal format. The range is 1
to 65533.
Step 3
Switch(config)# exit
Exits configuration mode.

Table of Contents

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the Cisco TrustSec and is the answer not in the manual?

Cisco TrustSec Specifications

General IconGeneral
CategoryNetwork Security
FunctionalityProvides role-based access control, network segmentation, and policy enforcement.
Key ComponentsSecurity Group Tags (SGT), Security Exchange Protocol (SXP).
Authentication Methods802.1X, MAC Authentication Bypass (MAB), Web Authentication
Security Group Tagging (SGT)Assigns security group tags to users and devices for identity-based segmentation.
Security Exchange Protocol (SXP)A protocol used to propagate SGT information across network devices.
Policy EnforcementEnforces security policies based on SGTs and SGACLs.
BenefitsEnhanced security, simplified policy management, and improved compliance.
EncryptionSupports encryption for data in transit through IPsec and MACsec.
ScalabilityScalable to large enterprise networks with thousands of devices.
CompatibilityCompatible with a wide range of Cisco network devices.
DescriptionCisco TrustSec is a security architecture framework designed to build secure networks. It uses identity-based access control to segment the network and enforce policies based on user roles and device types, rather than relying solely on IP addresses.

Related product manuals