Name: Cisco TrustSec
Brand: Cisco
Rating: 4 (1 reviews)

To Next Page

To Previous Page

6-2

Cisco TrustSec Configuration Guide

OL-22192-01

Chapter 6 Configuring Endpoint Admission Control

Basic EAC Configuration Sequence

1. Configure the Cisco Secure ACS to provision SGTs to authenticated endpoint hosts.

2. Enable SXP on access switches. See the chapter, “Configuring SGT Exchange Protocol over TCP

(SXP) and Layer 3 Transport.”

3. Enable any combination of 802.1X, MAB, or WebAuth authentication methods on the access switch.

4. Enable DHCP and IP device tracking on access switches.

802.1X Authentication Configuration

The following example shows the basic 802.1x configuration on a Gigabit Ethernet port:

Router(config)# dot1x system-auth-control

Router(config)# interface GigabitEthernet2/1

Router(config-if)# authentication port-control auto

Router(config-if)# dot1x pae authenticator

For additional information on configuring 802.1x authentication, see the configuration guide for your

access switch.

Verifying the 802.1X Configuration

To verify 802.1X authentication configuration, use the show authentication interface command.

Router# show authentication interface gigabitEthernet 2/1

*May 7 11:22:06: %SYS-5-CONFIG_I: Configured from console by console

Client list:

Interface MAC Address Domain Status Session ID

Gi2/1 000c.293a.048e DATA Authz Success AC1AD01F0000000904BBECD8

Available methods list:

Handle Priority Name

3 0 dot1x

Runnable methods list:

Handle Priority Name

3 1 dot1x

And to verify the port has successfully authenticated:

Router# show dot1x interface gigabitEthernet 2/1 details

Dot1x Info for GigabitEthernet2/1

-----------------------------------

PAE = AUTHENTICATOR

PortControl = AUTO

ControlDirection = Both

HostMode = SINGLE_HOST

QuietPeriod = 60

ServerTimeout = 30

SuppTimeout = 30

ReAuthMax = 2

MaxReq = 2

TxPeriod = 30

Dot1x Authenticator Client List

Questions and Answers:

Need help?

Do you have a question about the Cisco TrustSec and is the answer not in the manual?

Cisco TrustSec Specifications

General

Category	Network Security
Functionality	Provides role-based access control, network segmentation, and policy enforcement.
Key Components	Security Group Tags (SGT), Security Exchange Protocol (SXP).
Authentication Methods	802.1X, MAC Authentication Bypass (MAB), Web Authentication
Security Group Tagging (SGT)	Assigns security group tags to users and devices for identity-based segmentation.
Security Exchange Protocol (SXP)	A protocol used to propagate SGT information across network devices.
Policy Enforcement	Enforces security policies based on SGTs and SGACLs.
Benefits	Enhanced security, simplified policy management, and improved compliance.
Encryption	Supports encryption for data in transit through IPsec and MACsec.
Scalability	Scalable to large enterprise networks with thousands of devices.
Compatibility	Compatible with a wide range of Cisco network devices.
Description	Cisco TrustSec is a security architecture framework designed to build secure networks. It uses identity-based access control to segment the network and enforce policies based on user roles and device types, rather than relying solely on IP addresses.