Cisco ISE: TrustSec
ฝัง
- เผยแพร่เมื่อ 5 ก.พ. 2025
- In this video, I explain how TrustSec works, TrustSec Operations and Architecture.
The lab is focused on NDAC and how a seed/non-seed device joins the TrustSec domain (I haven't focused on classification/inline/SXP/SGACLs)
The vIOS (15.2) seems to use SHA1 which is disabled in ISE 2.7 by default.
Do enable it if you want the cts dot1x to work for link authentication.
PAC (Protected Access Credential) and EAP-FAST (Flexible Authentication via Secure Tunneling) do not require TLS authentication between the switch and Cisco ISE. However, they do use TLS within EAP-FAST for secure authentication between the client (endpoint) and ISE.
You are awesome, great explanation. Thanks for sharing.
Very good Explanation
Thanks for very detailed explanation on TrustSec architecture
Glad it was helpful!
Thats a really good explanation.
For those of you who are watching this and are running newer versions of ISE, you need to enable TLS1.0 within ISE as the IOS image seems to only have 1.0 enabled.
Can you provide me path to enable this?
@@prathameshpadosakar269 Administration > System > Settings > Security Settings Then check Allow TLS 1.0. Hope that helps.
Thanks for the wonderful explaination
just have one query @BitsPlease !
can we connect the Seed Switch Interface to end-client & flow EAP-FAST NAM Module on Windows with its variants
Buen video
Hello,
Do you know if vIOS (15.2) virtual switch supports Inline tagging for TrustSec or only works with SXP ?
Thank you.
Thank you
What ISE features do you lose for devices that cannot participate in a trustsec domain due to no TLS1.2 support? Can ISE still push down changes to devices that support trustsec in hardware? i assume SGACL can still be pushed down same way DACL can?
Is there are any documentation to your demonstration?
Which image of viol are you running? Mine doesn't appear to support CTS, which is vios_l2 Software (vios_l2-ADVENTERPRISEK9-M), Version 15.2(4.0.55)E
Very well explained.
I am also using vIOS 15.2 but CTS command is not available,
Core-SW#sh version | i Version
Cisco IOS Software, vios_l2 Software (vios_l2-ADVENTERPRISEK9-M), Version 15.2(4.0.55)E, TEST ENGINEERING ESTG_WEEKLY BUILD, synced to END_OF_FLO_ISP
Core-SW#
Core-SW#cts ?
% Unrecognized command
Where is your video about SGT?
you are just awesome
Simple super.. can you pls share the switch end configuration.. so it will use for us..
hi, nice video. how did you make CoA work on eve-ng? what switch did u use?
vIOS (15.2)
@@BitsPlease same. but as soon as the sw download the dacl it craches
That's weird, never saw that in my lab. Make sure you are using the official images from VIRL or CML
After starting up the ISE journey again and banging my head as to why my config wasn't working, i found that the CTS and Radius passwords should be the same. There are some ways around it but looks like common practice (as documented i some cisco docs) is to set them the same
superb thanks.
Hello, can you share with me the lab
Hey, I have dismantled this one as it was a while ago. It's pretty simple to build tho
@@BitsPlease is it normal ISE image from cisco website ?
@@mohammedahmad7276 yes it is. I explain about it in the first video of the playlist.