Please enable JavaScript.

Coggle requires JavaScript to display documents.

TRUSTSEC (INTRODUCTION (CLASSIFICATION (based on authentication results…

- - - - Requires hardware support
    - - For devices that do not have hw support for inline tagging
      - Share SGT to IP address mapping
- - - - Device tag
      - SGT's representing security groups
      - Unknown tag (SGT=0)
    - - Best Practice: Create a tag (SGT) to represent network devices that communicate with ISE for policy information.
      - Step 1 Navigate to Policy->Policy Elements->Results->TrustSec->Security Groups
        Step 2 Click the ADD button.
        Step 3 Create the security group “TrustSec_Device_SGT” and Save.
    - - Auto-generate
      - Manual
      - Importing from spreadsheet
        
        Step 1 Navigate to Policy->Policy Elements->Results->TrustSec->Security Groups->Export
        
        Step 2 Complete the spreadsheet
        
        Step 3 Click Policy->Policy Elements->Results->TrustSec->Security Groups->Import to import the completed spreadsheet
    - - In a TrustSec enabled network, all network resources are classified with SGTs. This includes a network device itself. All traffic initiated from network device is going to be tagged with a SGT. Previously you defined this SGT as the “TrustSec Device SGT”. Now you will configure ISE to assign this SGT when a network device authenticates against ISE. Once the switches have this SGT, traffic that is initiated from the switch will be tagged with this SGT.
      - Navigate to Policy->TrustSec ->Network Device Authorization. You will findDefault rule for Network Device Authorization.
      - Edit link of the rule table and change value of SGT from Unknown to TrustSec_Device_SGT..
      - Click Done and Click Save button at bottom to save this configuration