Manuals+

Cisco TrustSec Integration

Understanding Cisco TrustSec and SD-WAN Integration

This document provides essential information on integrating Cisco TrustSec with Cisco SD-WAN solutions. Cisco TrustSec is a network infrastructure designed to enforce role-based access control, identity-aware networking, and data confidentiality. It utilizes Security Group Tags (SGTs) to represent user and device groups, enabling granular policy enforcement across the network.

The guide focuses on the propagation of these SGTs within a Cisco SD-WAN environment, detailing two primary methods: Inline Tagging and the Security Group Tag Exchange Protocol (SXP).

Core Concepts: SGT Propagation

Inline Tagging

Inline Tagging utilizes a special Ethernet frame to carry SGTs between network hops, allowing for policy enforcement based on SGTs. This method is supported by Cisco IOS XE SD-WAN devices.

Security Group Tag Exchange Protocol (SXP)

SXP is an alternative protocol for propagating SGTs, particularly useful when hardware does not support inline tagging. It enables the dynamic exchange of IP address-to-SGT bindings, often leveraging Cisco Identity Services Engine (ISE) for management.

Benefits of Cisco TrustSec

  • Provides secure access based on user and device identity.
  • Applies policies network-wide using tags instead of IP addresses.
  • Simplifies network access and security operations through software-defined segmentation.
  • Enhances scalability and policy consistency.
  • Reduces risk and facilitates microsegmentation without network redesign.

Configuration and Supported Platforms

The document outlines configuration procedures using Cisco vManage and the Command Line Interface (CLI). It details the steps for setting up SGT propagation, including dynamic IP-SGT binding via SXP and static configurations.

A range of Cisco devices and WAN Network Interface Modules (NIMs) are supported for SGT propagation, including various Integrated Services Routers and Catalyst platforms. Specific software releases for Cisco IOS XE and Cisco vManage are also noted for compatibility.


File Info : application/pdf, 22 Pages, 1.33MB

PDF preview unavailable. Download the PDF instead.

cisco-trustsec-integration

References

DITA Open Toolkit XEP 4.30.961; modified using iText 2.1.7 by 1T3XT

Related Documents

Preview Configure NAT66 on Cisco Catalyst SD-WAN: A Comprehensive Guide
This guide details configuring NAT66 Direct Internet Access (DIA) on Cisco Catalyst SD-WAN, covering its benefits, restrictions, and step-by-step configuration using templates and CLI.
Preview Managing SD-Routing Devices with Cisco SD-WAN Manager Guide
A comprehensive guide detailing how to manage and monitor SD-Routing devices using Cisco SD-WAN Manager, covering onboarding, configuration, and troubleshooting for enterprise networks.
Preview Cisco Product Catalog Vol. 9 - 2016 Autumn/Winter Edition
Explore the latest Cisco networking products, including the Cisco Catalyst 2960-L series switches, designed to transform wired network edges. This catalog covers switches, wireless access points, routers, security appliances, and Meraki solutions for businesses of all sizes.
Preview Cisco FlexConnect Bonjour Deployment Guide for Cisco DNA Service
A comprehensive guide detailing the deployment of Cisco DNA Service for Bonjour with Cisco FlexConnect wireless networks, enabling seamless service discovery and distribution across wired and wireless environments.
Preview Cisco Fast Track Q3 Product Catalog and Pricing
A comprehensive catalog of Cisco networking hardware and software licenses from the Fast Track Q3 promotion, detailing product codes, descriptions, list prices, and promotional prices for various Cisco product lines.
Preview 思科路由器指南:企业网络解决方案
本指南详细介绍了思科集成多业务路由器和思科服务汇聚路由器系列,为中小型企业、企业分支机构、总部及服务提供商边缘提供全面的网络解决方案。
Preview Cisco Catalyst Center Release 3.1.3 Release Notes
Detailed release notes for Cisco Catalyst Center, Release 3.1.3, covering new software features, changes in behavior, resolved and open issues, compatibility, scalability, supported hardware, and legal information.
Preview Cisco Unified Border Element Configuration Guide Through Cisco IOS XE 17.5
A comprehensive guide to configuring the Cisco Unified Border Element (CUBE) using Cisco IOS XE 17.5, covering SIP, H.323, codecs, call admission control, media path, and other essential features for enterprise voice and video communication.