Table of Contents
Advertisement
Chapter 2
Configuring the Cisco TrustSec Solution
Cisco TrustSec Guidelines and Limitations
Cisco TrustSec has the following guidelines and limitations for Catalyst switches:
•
•
•
•
•
•
Default Settings
Table 2-1
Table 2-1
Parameters
Cisco TrustSec
SXP
SXP default password
SXP reconciliation period
SXP retry period
Cisco TrustSec Caching
Additional Documentation
Release-Specific Documents
Release-Specific Document Title
Release Notes for Cisco TrustSec General
Availability Releases
OL-22192-01
AAA for Cisco TrustSec uses RADIUS and is supported only by the Cisco Secure Access Control
System (ACS), version 5.1 or later.
You must enable the 802.1X feature globally for Cisco TrustSec to perform NDAC authentication.
If you disable 802.1X globally, you will disable NDAC.
Cisco TrustSec is supported only on physical interfaces, not on logical interfaces.
Cisco TrustSec does not support IPv6 in the releases referenced in this guide.
If the default password is configured on a switch, the connection on that switch should configure the
password to use the default password. If the default password is not configured on a switch, the
connection on that switch should also not configure a password. The configuration of the password
option should be consistent across the deployment network.
Configure the retry open timer command to a different value on different switches.
lists the default settings for Cisco TrustSec parameters.
Default Cisco TrustSec Parameters
Default
Disabled.
Disabled.
None.
120 seconds (2 minutes).
60 seconds (1 minute).
Disabled.
TrustSec Topics
Open and resolved caveats
•
Current hardware and software support
•
Cisco TrustSec Configuration Guide
Additional Documentation
2-3
Hide quick links:
Advertisement
Table of Contents
