Name: Cisco TrustSec
Brand: Cisco
Rating: 4 (1 reviews)

To Next Page

To Previous Page

3-20

Cisco TrustSec Configuration Guide

OL-22192-02

Chapter 3 Configuring Identities, Connections, and SGTs

Manually Configuring IP-Address-to-SGT Mapping

Step 4 Create an SVI as the gateway for incoming VLAN 100.

TS_switch(config)# interface vlan 100

TS_switch(config-if)# ip address 10.1.1.2 255.0.0.0

TS_switch(config-if)# no shutdown

TS_switch(config-if)# end

TS_switch(config)#

Step 5 Assign Security Group Tag (SGT) 10 to hosts on VLAN 100.

TS_switch(config)# cts role-based sgt-map vlan 100 sgt 10

Step 6 Enable IP Device Tracking on the TrustSec switch. Verify that it is operating.

TS_switch(config)# ip device tracking

TS_switch# show ip device tracking all

IP Device Tracking = Enabled

IP Device Tracking Probe Count = 3

IP Device Tracking Probe Interval = 100

---------------------------------------------------------------------

IP Address MAC Address Vlan Interface STATE

---------------------------------------------------------------------

Total number interfaces enabled: 1

Vlan100

Step 7 (Optional). PING the default gateway from an endpoint (in this example, host IP Address 10.1.1.1).

Verify that SGT 10 is being mapped to VLAN 100 hosts.

TS_switch# show cts role-based sgt-map all

Active IP-SGT Bindings Information

IP Address SGT Source

============================================

10.1.1.1 10 VLAN

IP-SGT Active Bindings Summary

============================================

Total number of VLAN bindings = 1

Total number of CLI bindings = 0

Total number of active bindings = 1

Layer 3 Logical Interface to SGT Mapping (L3IF–SGT Mapping)

L3IF-SGT mapping can directly map SGTs to traffic of any of the following Layer 3 interfaces

regardless of the underlying physical interface:

• Routed port

• SVI (VLAN interface)

• Layer3 subinterface of a Layer2 port

• Tunnel interface

Questions and Answers:

Need help?

Do you have a question about the Cisco TrustSec and is the answer not in the manual?

Cisco TrustSec Specifications

General

Category	Network Security
Functionality	Provides role-based access control, network segmentation, and policy enforcement.
Key Components	Security Group Tags (SGT), Security Exchange Protocol (SXP).
Authentication Methods	802.1X, MAC Authentication Bypass (MAB), Web Authentication
Security Group Tagging (SGT)	Assigns security group tags to users and devices for identity-based segmentation.
Security Exchange Protocol (SXP)	A protocol used to propagate SGT information across network devices.
Policy Enforcement	Enforces security policies based on SGTs and SGACLs.
Benefits	Enhanced security, simplified policy management, and improved compliance.
Encryption	Supports encryption for data in transit through IPsec and MACsec.
Scalability	Scalable to large enterprise networks with thousands of devices.
Compatibility	Compatible with a wide range of Cisco network devices.
Description	Cisco TrustSec is a security architecture framework designed to build secure networks. It uses identity-based access control to segment the network and enforce policies based on user roles and device types, rather than relying solely on IP addresses.