Name: Cisco TrustSec
Brand: Cisco
Rating: 4 (1 reviews)

To Next Page

To Previous Page

Contents

Cisco TrustSec Configuration Guide

OL-22192-01

Layer 3 Logical Interface to SGT Mapping (L3IF–SGT Mapping) 3-20

Feature History for L3IF-SGT Mapping 3-21

Default Settings 3-21

Configuring L3IF to SGT Mapping 3-21

Verifying L3IF to SGT Mapping 3-21

Configuration Example for L3IF to SGT Mapping on an Ingress Port 3-22

Binding Source Priorities 3-22

Configuring Additional Authentication Server-Related Parameters 3-23

Automatically Configuring a New or Replacement Password with the Authentication Server 3-24

Configuring SGT Exchange Protocol over TCP (SXP) and Layer 3 Transport 4-1

Cisco TrustSec SGT Exchange Protocol Feature Histories 4-1

Configuring Cisco TrustSec SXP 4-2

Enabling Cisco TrustSec SXP 4-2

Configuring an SXP Peer Connection 4-2

Configuring the Default SXP Password 4-4

Configuring the Default SXP Source IP Address 4-4

Changing the SXP Reconciliation Period 4-5

Changing the SXP Retry Period 4-5

Creating Syslogs to Capture Changes of IP Address to SGT Mapping Learned Through SXP 4-5

Verifying the SXP Connections 4-6

Configuring Layer 3 SGT Transport Between Cisco TrustSec Domains 4-6

Configuring Cisco TrustSec Reflector for Cisco TrustSec-Incapable Switching Modules 4-8

Configuring Cisco TrustSec Caching 4-9

Enabling Cisco TrustSec Caching 4-9

Clearing the Cisco TrustSec Cache 4-10

Configuring SGACL Policies 5-1

Cisco TrustSec SGACL Feature Histories 5-1

SGACL Policy Configuration Process 5-2

Enabling SGACL Policy Enforcement Globally 5-2

Configuration Examples for Enabling SGACL Policy Enforcement Globally 5-2

Enabling SGACL Policy Enforcement Per Interface 5-3

Configuration Examples for Enabling SGACL Policy Enforcement Per Interface 5-3

Enabling SGACL Policy Enforcement on VLANs 5-3

Configuration Examples for Enabling SGACL Policy Enforcement on VLANs 5-3

Questions and Answers:

Need help?

Do you have a question about the Cisco TrustSec and is the answer not in the manual?

Cisco TrustSec Specifications

General

Category	Network Security
Functionality	Provides role-based access control, network segmentation, and policy enforcement.
Key Components	Security Group Tags (SGT), Security Exchange Protocol (SXP).
Authentication Methods	802.1X, MAC Authentication Bypass (MAB), Web Authentication
Security Group Tagging (SGT)	Assigns security group tags to users and devices for identity-based segmentation.
Security Exchange Protocol (SXP)	A protocol used to propagate SGT information across network devices.
Policy Enforcement	Enforces security policies based on SGTs and SGACLs.
Benefits	Enhanced security, simplified policy management, and improved compliance.
Encryption	Supports encryption for data in transit through IPsec and MACsec.
Scalability	Scalable to large enterprise networks with thousands of devices.
Compatibility	Compatible with a wide range of Cisco network devices.
Description	Cisco TrustSec is a security architecture framework designed to build secure networks. It uses identity-based access control to segment the network and enforce policies based on user roles and device types, rather than relying solely on IP addresses.