Environment Data Download - Cisco TrustSec Configuration Manual

Chapter 1 Cisco TrustSec Overview
The NDAC and SAP negotiation process is shown in
Figure 1-5

Environment Data Download

The Cisco TrustSec environment data is a collection of information or policies that assists a device to
function as a Cisco TrustSec node. The device acquires the environment data from the authentication
server when the device first joins a Cisco TrustSec domain, although you might also manually configure
some of the data on a device. For example, you must configure the seed Cisco TrustSec device with the
authentication server information, which can later be augmented by the server list that the device
acquires from the authentication server.
The device must refresh the Cisco TrustSec environment data before it expires. The device can also cache
the environment data and reuse it after a reboot if the data has not expired.
The device uses RADIUS to acquire the following environment data from the authentication server:
•
•
•
OL-22192-01
NDAC and SAP Negotiation
Supplicant
supplican
Authentication authentication authentication Authentication
SAP negotiation SAP negotiation
Server lists—List of servers that the client can use for future RADIUS requests (for both
authentication and authorization).
Device SG—Security group to which the device itself belongs.
Expiry timeout—Interval that controls how often the Cisco TrustSec device should refresh its
environment data.
Information about Cisco TrustSec Architecture
Figure 1-5.
AT
Authentication authentication Authentication
Authorization Authorization
authorization
Authorization Authorization
authorization authorization
Cisco TrustSec Configuration Guide
AS
1-11