Cisco Nexus 1000V Troubleshooting Guide

Send document comments to nexus1k-docfeedback@cisco.com.

Chapter 24: Cisco TrustSec

This chapter describes how to identify and resolve problems that might occur when configuring Cisco TrustSec.

This chapter includes the following sections:
- Information About Cisco TrustSec, page 24-1
- Guidelines and Limitations for Troubleshooting Cisco TrustSec, page 24-1
- Cisco TrustSec Troubleshooting Commands, page 24-2
- Problems with Cisco TrustSec, page 24-4

Information About Cisco TrustSec

The Cisco TrustSec security architecture builds secure networks by establishing clouds of trusted network devices. Each device in the cloud is authenticated by its neighbors. Communication on the links between devices in the cloud is secured with a combination of encryption, message integrity checks, and data-path replay protection mechanisms.

Cisco TrustSec also uses the device and user identification information acquired during authentication to classify, or color, packets as they enter the network. This classification is carried by tagging packets on ingress to the Cisco TrustSec network so that they can be identified for the purpose of applying security and other policy criteria along the data path. The tag, called the security group tag (SGT), lets the network enforce the access control policy: a device on the path acts upon the SGT to filter traffic, rather than relying on the packet's IP addresses alone.

See the Cisco Nexus 1000V Security Configuration Guide, Release 4.2(1)SV2(1.1), for more information on the Cisco TrustSec feature on Cisco Nexus 1000V.

Guidelines and Limitations for Troubleshooting Cisco TrustSec

The following guidelines and limitations apply when troubleshooting Cisco TrustSec SXP:
- In this release, the SGT Exchange Protocol (SXP) is supported on Cisco Nexus 1000V.
- The Cisco Nexus 1000V VSM is always configured as the SXP speaker in all peer connections. Listener functionality is not supported in this release, so the VSM only sends IP-SGT mappings to its peers and never learns mappings from them.
- A maximum of 2048 IP-SGT mappings can be learned system-wide in the DVS. This is a combined total across all learning sources: entries learned through DHCP snooping and entries learned through device tracking of individual virtual machines by ARP and IP traffic inspection. Mappings beyond this limit are not learned, so a missing IP-SGT entry on a peer should be checked against this ceiling before the SXP connection itself is suspected.
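The speaker-only constraint above, shown as an added configuration example that is not part of this guide: the VSM is enabled as the SXP speaker and its peer is declared as the listener. The IP addresses, password, and the exact `cts sxp` command forms used here are assumptions for illustration; verify the syntax against the Cisco Nexus 1000V Security Configuration Guide referenced above before applying it.

```text
! Assumed addresses: VSM source 10.1.1.10, SXP listener (for example a Nexus 7000) 10.1.1.1
feature cts
cts sxp enable
cts sxp default source-ip 10.1.1.10
cts sxp default password Cisco123
! The mode keyword describes the PEER's role. Because the VSM can only act as
! a speaker in this release, every peer connection must name the peer as the
! listener; a peer entry that expects the VSM to listen will not work.
cts sxp connection peer 10.1.1.1 password default mode listener

! Verification (assumed output names): confirm SXP is enabled, the VSM role is
! speaker, and the connection to 10.1.1.1 is up before looking for missing
! IP-SGT mappings on the listener side.
show cts sxp
show cts sxp connection
```

If the connection never comes up, check first that the default password matches on both ends and that the peer really is configured as a listener with the VSM's source IP, since those two mismatches are the usual reasons a speaker-only device cannot establish the session.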
Cisco Nexus 1000V Troubleshooting Guide, Release 4.2(1)SV2(2.1), OL-28795-01, Chapter 24, page 24-1
