EasyManuals Logo

Cisco TrustSec User Manual

Cisco TrustSec
208 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #53 background imageLoading...
Page #53 background image
3-17
Cisco TrustSec Configuration Guide
OL-22192-02
Chapter 3 Configuring Identities, Connections, and SGTs
Manually Configuring IP-Address-to-SGT Mapping
Default Settings
There are no default settings.
Configuring VLAN to SGT Mapping
This section includes the following topics:
Task Flow for Configuring VLAN-SGT Mapping, page 3-17
Task Flow for Configuring VLAN-SGT Mapping
Create a VLAN on the TrustSec switch with the same VLAN_ID of the incoming VLAN.
Create an SVI for the VLAN on the TrustSec switch to be the default gateway for the endpoint
clients.
Configure the TrustSec switch to apply an SGT to the VLAN traffic.
Enable IP Device tracking on the TrustSec switch.
Verify that VLAN to SGT mapping occurs on the TrustSec switch.
Detailed Steps for Catalyst 6500
Command Purpose
Step 1
config t
Example:
TS_switchswitch# config t
TS_switchswitch(config)#
Enters global configuration mode.
Step 2
vlan vlan_id
Example:
TS_switch(config)# vlan 100
TS_switch(config-vlan)#
Creates VLAN 100 on the TrustSec-capable
gateway switch and enters VLAN configuration
submode.
Step 3
[no] shutdown
Example:
TS_switch(config-vlan)# no shutdown
Provisions VLAN 100.
Step 4
exit
Example:
TS_switch(config-vlan)# exit
TS_switch(config)#
Exits VLAN configuration mode into Global
Configuration mode.
Step 5
interface type slot/port
Example:
TS_switch(config)# interface vlan 100
TS_switch(config-if)#
Enters interface configuration mode.
Step 6
ip address slot/port
Example:
TS_switch(config-if)# ip address 10.1.1.2 255.0.0.0
Configures Switched Virtual Interface (SVI) for
VLAN 100.

Table of Contents

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the Cisco TrustSec and is the answer not in the manual?

Cisco TrustSec Specifications

General IconGeneral
CategoryNetwork Security
FunctionalityProvides role-based access control, network segmentation, and policy enforcement.
Key ComponentsSecurity Group Tags (SGT), Security Exchange Protocol (SXP).
Authentication Methods802.1X, MAC Authentication Bypass (MAB), Web Authentication
Security Group Tagging (SGT)Assigns security group tags to users and devices for identity-based segmentation.
Security Exchange Protocol (SXP)A protocol used to propagate SGT information across network devices.
Policy EnforcementEnforces security policies based on SGTs and SGACLs.
BenefitsEnhanced security, simplified policy management, and improved compliance.
EncryptionSupports encryption for data in transit through IPsec and MACsec.
ScalabilityScalable to large enterprise networks with thousands of devices.
CompatibilityCompatible with a wide range of Cisco network devices.
DescriptionCisco TrustSec is a security architecture framework designed to build secure networks. It uses identity-based access control to segment the network and enforce policies based on user roles and device types, rather than relying solely on IP addresses.

Related product manuals