Cisco TrustSec technology uses software-defined segmentation to simplify the provisioning of
security policies, to accelerate security operations, and to consistently
enforce policy anywhere in the network. TrustSec is embedded technology in
Cisco switches, routers, wireless, and security devices. It is a secure network
architecture that extends security across the network from campus to branch to
data center. TrustSec is the foundation for using the Network as an Enforcer
and mitigates risk by reducing attack surface through better segmentation,
whilst also increasing operational efficiency and making compliance goals
easier to achieve.

The TrustSec network service design enables you to choose preferred options for
provisioning configurations to TrustSec-capable devices to enable 802.1X and
other TrustSec functionality. You can configure wired 802.1X devices by
creating TrustSec model-based configuration templates and choosing any one of
the following navigation paths:

TrustSec Readiness Assessment
displays TrustSec-based device details such as TrustSec Feature classification.
The devices are categorized as:

Classification is the process of assigning security group tags
based on identity or context (dynamically with 802.1X, MAB, or web auth, or
statically mapped to IP, subnet, VLAN, or interface). These security group tags
are transmitted to the devices using inline tagging or the security group tag
exchange protocol (SXP).

Enforcement is the process of enforcing traffic policy based on
the security group tags via a security group ACL (SGACL on switches and routers)
or security group firewall (SGFW).

TrustSec Incapable are devices with no classification, propagation,
or enforcement capabilities.
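
A simplified model of the classification and enforcement steps described above, added here as an illustration; it is not Cisco code and does not reproduce device behaviour. The tag numbers, addresses, policy matrix, the dynamic-over-static precedence, and the default "deny" action are assumptions of the example.

```python
import ipaddress

UNKNOWN_SGT = 0  # assumption: tag value for traffic that was never classified

class SgtClassifier:
    """Simplified classification model: dynamic bindings, then static mappings."""

    def __init__(self):
        self.dynamic = {}  # ip -> SGT, as assigned after 802.1X / MAB / web auth
        self.static = []   # (network, SGT), static IP and subnet mappings

    def add_dynamic(self, ip, sgt):
        self.dynamic[ipaddress.ip_address(ip)] = sgt

    def add_static(self, cidr, sgt):
        self.static.append((ipaddress.ip_network(cidr), sgt))

    def classify(self, ip):
        addr = ipaddress.ip_address(ip)
        if addr in self.dynamic:  # assumption: dynamic overrides static
            return self.dynamic[addr]
        hits = [(net.prefixlen, sgt) for net, sgt in self.static if addr in net]
        # The most specific static mapping wins (a host entry beats its subnet).
        return max(hits, key=lambda h: h[0])[1] if hits else UNKNOWN_SGT

def enforce(classifier, policy, src_ip, dst_ip, default="deny"):
    """Look up the (source SGT, destination SGT) cell, as an SGACL matrix would."""
    src, dst = classifier.classify(src_ip), classifier.classify(dst_ip)
    return src, dst, policy.get((src, dst), default)

def demo():
    # Constructed sample data: tag numbers, addresses and policy are made up.
    EMPLOYEE, CONTRACTOR, PCI_SERVER = 10, 30, 20
    c = SgtClassifier()
    c.add_static("10.20.0.0/24", PCI_SERVER)
    c.add_static("10.1.0.0/16", EMPLOYEE)
    c.add_static("10.1.5.0/24", CONTRACTOR)
    policy = {(EMPLOYEE, PCI_SERVER): "permit", (CONTRACTOR, PCI_SERVER): "deny"}
    results = {
        "employee": enforce(c, policy, "10.1.9.7", "10.20.0.5"),
        "contractor_subnet": enforce(c, policy, "10.1.5.8", "10.20.0.5"),
        "unclassified": enforce(c, policy, "192.0.2.44", "10.20.0.5"),
    }
    # Same address, new verdict: the host authenticates and gets a dynamic tag.
    c.add_dynamic("10.1.5.8", EMPLOYEE)
    results["after_auth"] = enforce(c, policy, "10.1.5.8", "10.20.0.5")
    return results

if __name__ == "__main__":
    for name, verdict in demo().items():
        print(name, verdict)
```

The last case shows why policy keyed on tags differs from an IP ACL: the address does not change, yet the verdict does once the classification changes.
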
To generate a TrustSec Readiness Assessment report, follow these
TrustSec Readiness tab. The TrustSec table
appears with the following types of devices:
TrustSec Incapable Devices
Click the various device
categories to view the details of the selected TrustSec-based device type. Each
category shows the number of devices, as a percentage, in a color-coded circle.
The color codes for each category are:
Classification, Enforcement and TrustSec Incapable
Red: Number of TrustSec incapable devices.
Light Green: Number of classification capable devices.
Dark Green: Number of enforcement capable devices.
Choose the appropriate filter from the
Show drop-down list to filter the devices in
Click the Export icon to download the device details as CSV or PDF