Glossary
M
MACSec: Media Access Control Security based on IEEE 802.1AE to provide hop-to-hop link encryption. A TrustSec hardware-capable device can establish a MACSec link with a TrustSec hardware-capable peer.
N
NDAC: Network Device Admission Control. A mutual authentication mechanism in which CTS devices authenticate and authorize their peers using an 802.1X process. EAP-FAST is used as the EAP type.
Non-seed Device: Non-seed devices do not have direct IP connectivity to the Cisco Secure ACS and require other devices to authenticate and authorize them onto the TrustSec network, such as a seed device or a device already enrolled in the TrustSec network.
R
RBAC: Role-based Access Control. An access control mechanism based on the role of the endpoints. RBAC is different from group-based access control in the sense that RBAC can take multiple role factors to derive the final policy for a particular entity.
RBACL: Role-based Access Control List. Often used to characterize SGACL because TrustSec uses the RBAC features of the Cisco Secure ACS.
S
SAP: Security Association Protocol. Negotiates keys and cipher suite for link encryption after successful authentication and authorization for NDAC. SAP is derived from the 802.11i standard. SAP negotiation can be automatically initiated after the NDAC process, or the PMK can be statically configured on an interface.
Seed Device: The seed device is the first TrustSec hardware-capable device to authenticate against the Cisco Secure ACS for TrustSec policy authorization. The seed device becomes the authenticator for the next TrustSec supplicant device, which in turn becomes an authenticator to its supplicant devices.
SGACL: Security Group Access Control List. A Layer 3 to Layer 4 access control list that filters according to the value of SGTs. Usually, filtering occurs at an egress port of the CTS domain.
SGT: Security Group Tag. A Layer-2 tag inserted in an Ethernet frame to classify traffic based on role. The tag process occurs at the ingress of the CTS domain. SGTs are defined in the Cisco Secure ACS configuration.
Cisco TrustSec Configuration Guide
OL-22192-01