EasyManuals Logo

Cisco TrustSec User Manual

Cisco TrustSec
208 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #49 background imageLoading...
Page #49 background image
3-13
Cisco TrustSec Configuration Guide
OL-22192-02
Chapter 3 Configuring Identities, Connections, and SGTs
Manually Configuring IP-Address-to-SGT Mapping
Restrictions
An IPv4 subnetwork with a /31 prefix cannot be expanded.
Subnet host addresses cannot be bound to SGTs when the network-map bindings parameter is less
than the total number of subnet hosts in the specified subnets, or when bindings is 0.
IPv6 expansions and propagation only occurs when SXP speaker and listener are running SXPv3,
or more recent versions.
Detailed Steps for Catalyst 6500
Command Purpose
Step 1
config t
Example:
switch# config t
switch(config)#
Enters global configuration mode.
Step 2
[no] cts sxp mapping network-map bindings
Example:
switch(config)# cts sxp mapping network-map 10000
Configures the Subnet to SGT Mapping host count
constraint. The bindings argument specifies the
maximum number of subnet IP hosts that can be
bound to SGTs and exported to the SXP listener.
bindings—(0 to 65,535)
default is 0 (no expansions performed)
Step 3
[no] cts role-based sgt-map
ipv4_address/prefix sgt number
Example:
switch(config)# cts role-based sgt-map
10.10.10.10/29 sgt 1234
(IPv4) Specifies a subnet in CIDR notation. Use the
[no] form of the command to unconfigure the Subnet
to SGT mapping. The number of bindings specified
in Step 2 should match or exceed the number of host
addresses in the subnet (excluding network and
broadcast addresses). The sgt number keyword
specifies the Security Group Tag to be bound to
every host address in the specified subnet.
ipv4_address—Specifies the IPv4 network
address in dotted decimal notation.
prefix—(0 to 30). Specifies the number of bits in
the network address.
sgt number (0–65,535). Specifies the Security
Group Tag (SGT) number.

Table of Contents

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the Cisco TrustSec and is the answer not in the manual?

Cisco TrustSec Specifications

General IconGeneral
CategoryNetwork Security
FunctionalityProvides role-based access control, network segmentation, and policy enforcement.
Key ComponentsSecurity Group Tags (SGT), Security Exchange Protocol (SXP).
Authentication Methods802.1X, MAC Authentication Bypass (MAB), Web Authentication
Security Group Tagging (SGT)Assigns security group tags to users and devices for identity-based segmentation.
Security Exchange Protocol (SXP)A protocol used to propagate SGT information across network devices.
Policy EnforcementEnforces security policies based on SGTs and SGACLs.
BenefitsEnhanced security, simplified policy management, and improved compliance.
EncryptionSupports encryption for data in transit through IPsec and MACsec.
ScalabilityScalable to large enterprise networks with thousands of devices.
CompatibilityCompatible with a wide range of Cisco network devices.
DescriptionCisco TrustSec is a security architecture framework designed to build secure networks. It uses identity-based access control to segment the network and enforce policies based on user roles and device types, rather than relying solely on IP addresses.

Related product manuals