Name: Cisco TrustSec
Brand: Cisco
Rating: 4 (1 reviews)

To Next Page

To Previous Page

3-24

Cisco TrustSec Configuration Guide

OL-22192-02

Chapter 3 Configuring Identities, Connections, and SGTs

Automatically Configuring a New or Replacement Password with the Authentication Server

Batch size = 50

Ignore preferred server

Server Group Deadtime = 20 secs (default)

Global Server Liveness Automated Test Deadtime = 20 secs

Global Server Liveness Automated Test Idle Time = 60 mins

Global Server Liveness Automated Test = ENABLED (default)

Preferred list, 1 server(s):

*Server: 10.15.20.102, port 1812, A-ID 87B3503255C4384485BB808DC24C6F55

Status = ALIVE

auto-test = TRUE, idle-time = 120 mins, deadtime = 20 secs

Installed list: SL1-1E6E6AE57D4E2A9B320D1844C68BA291, 3 server(s):

*Server: 10.15.20.102, port 1812, A-ID 87B3503255C4384485BB808DC24C6F55

Status = ALIVE

auto-test = TRUE, idle-time = 60 mins, deadtime = 20 secs

*Server: 10.15.20.101, port 1812, A-ID 255C438487B3503485BBC6F55808DC24

Status = ALIVE

auto-test = TRUE, idle-time = 60 mins, deadtime = 20 secs

Installed list: SL2-1E6E6AE57D4E2A9B320D1844C68BA293, 3 server(s):

*Server: 10.0.0.1, port 1812, A-ID 04758B1F05D8C1439F27F9509E07CFB6.

Status = ALIVE

auto-test = TRUE, idle-time = 60 mins, deadtime = 20 secs

*Server: 10.0.0.2, port 1812, A-ID 04758B1F05D8C1439F27F9509E07CFB6.

Status = DEAD

auto-test = TRUE, idle-time = 60 mins, deadtime = 20 secs

Automatically Configuring a New or Replacement Password

with the Authentication Server

As an alternative to manually configuring the password between the switch and the authentication server,

you can initiate a password negotiation from the switch. To configure the password negotiation, perform

this task:

Detailed Steps for Catalyst 6500

Command Purpose

Step 1

Router# cts change-password server

ip-address port {key secret | a-id a-id}

Initiates a password negotiation between the switch

and the authentication server.

• ip-address—The IP address of the authentication

server.

• port—The UDP port of the authentication server.

• key secret—The RADIUS shared secret of the

authentication server.

• a-id a-id—The A-ID associated with the

authentication server.

Questions and Answers:

Need help?

Do you have a question about the Cisco TrustSec and is the answer not in the manual?

Cisco TrustSec Specifications

General

Category	Network Security
Functionality	Provides role-based access control, network segmentation, and policy enforcement.
Key Components	Security Group Tags (SGT), Security Exchange Protocol (SXP).
Authentication Methods	802.1X, MAC Authentication Bypass (MAB), Web Authentication
Security Group Tagging (SGT)	Assigns security group tags to users and devices for identity-based segmentation.
Security Exchange Protocol (SXP)	A protocol used to propagate SGT information across network devices.
Policy Enforcement	Enforces security policies based on SGTs and SGACLs.
Benefits	Enhanced security, simplified policy management, and improved compliance.
Encryption	Supports encryption for data in transit through IPsec and MACsec.
Scalability	Scalable to large enterprise networks with thousands of devices.
Compatibility	Compatible with a wide range of Cisco network devices.
Description	Cisco TrustSec is a security architecture framework designed to build secure networks. It uses identity-based access control to segment the network and enforce policies based on user roles and device types, rather than relying solely on IP addresses.