Cisco TrustSec User Manual, Page 5

© 2012 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 5 of 10
applications reside. Identity-aware networks go beyond just security policies and are able to provide identity-based
quality of service to support business-critical applications for users with specific needs.
Cisco TrustSec provides the ability to secure a data path in a switching environment with switch port level
encryption. The built-in Layer 2 encryption capability helps protect data confidentiality and integrity over the LAN.
It relieves IT staff of the burden of retrofitting and encrypting at the application layer for all their applications in a
high-security environment.
Architecture
As Figure 2 shows, the Cisco TrustSec solution architecture consists of authentication, authorization, and services
modules. In addition, Cisco TrustSec provides a comprehensive policy framework.
Figure 2. Cisco TrustSec Solution Architecture
Authentication
Cisco TrustSec provides a group of flexible authentication (FlexAuth) methods, including IEEE 802.1X, web
authentication (WebAuth), and MAC authentication bypass (MAB). Cisco TrustSec delivers the latest 802.1X
technologies to reduce the operational overhead associated with deploying IEEE 802.1X in primarily wired
environments. Some of the latest Cisco technology advances include a single switch port configuration that can
accommodate all potential types of hosts, as well as managed, unmanaged, known, and unknown users. FlexAuth
allows IT administrators to configure a single switch port with a consistent configuration that enables 802.1X, MAB,
and WebAuth in any sequence to accommodate desired authentication requirements. Cisco Open Mode
technology provides IT administrators with the flexibility to selectively open, or pinhole, certain traffic types through
the restricted 802.1X-enabled port. The most common use for this technology is to enable host management
operations to function normally in an identity-based access control port implementation. Protocols such as Preboot
Execution Environment (PXE), Short Message Service (SMS), Microsoft Software Update Services (SUS), and
others that assume network connectivity can be allowed to flow through the access-controlled port in a controlled
manner. This technology also brings auditing and monitoring of 802.1X deployment readiness before 802.1X
enforcement begins.
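The FlexAuth sequence and the Open Mode pinhole described above can be sketched as a Catalyst access-port configuration. This is an added example, not configuration from the Cisco document; the interface, the ACL and profile names, and the PXE server address 192.0.2.10 are constructed, and global AAA/RADIUS settings are assumed to exist.

```ios
! Constructed example. Assumes AAA/RADIUS, "dot1x system-auth-control" and
! "ip device tracking" are already configured globally.
!
! Pre-authentication ACL: the pinhole applied while the port is in open mode.
ip access-list extended PRE-AUTH-ACL
 remark DHCP so the host can obtain an address before authenticating
 permit udp any eq bootpc any eq bootps
 remark DNS lookups
 permit udp any any eq domain
 remark PXE boot: TFTP data flows to ephemeral server ports, so scope by server
 permit udp any host 192.0.2.10
 remark everything else waits for a successful authentication
 deny ip any any
!
! Web authentication fallback, used as the last method in the sequence.
ip admission name WEBAUTH-RULE proxy http
fallback profile WEBAUTH-PROFILE
 ip access-group PRE-AUTH-ACL in
 ip admission WEBAUTH-RULE
!
interface GigabitEthernet1/0/1
 description FlexAuth access port (802.1X, then MAB, then WebAuth)
 switchport mode access
 spanning-tree portfast
 ! Open Mode: traffic is forwarded before authentication completes.
 ! Without the ACL below this is monitor-only (audit readiness, no enforcement).
 authentication open
 ip access-group PRE-AUTH-ACL in
 authentication host-mode multi-auth
 ! One port configuration for every host type: try 802.1X, fall back to MAB,
 ! then to WebAuth; a later 802.1X success overrides an earlier MAB session.
 authentication order dot1x mab webauth
 authentication priority dot1x mab webauth
 authentication fallback WEBAUTH-PROFILE
 authentication port-control auto
 mab
 dot1x pae authenticator
 dot1x timeout tx-period 10
```

Running `show authentication sessions interface GigabitEthernet1/0/1` on the switch reports which method authenticated each host, which is the readiness data to review before tightening the pre-authentication ACL.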
Cisco Network Edge Access Topology (NEAT)-powered compact switches extend 802.1X capabilities to the
network edge (conference rooms, for example), providing the same level of security as the main switch in the
wiring closet. Such simple and secure configuration delivers the Borderless Networks experience without
sacrificing security.