Cisco 3925 User Manual

Cisco 3900 Series, Cisco 2900 Series, and Cisco 1900 Series Integrated Services Routers Generation 2 Software Configuration Guide
Chapter Configuring Security Features
SGT over Ethernet Tagging
Cisco TrustSec (CTS) is an end-to-end network infrastructure that provides a scalable architecture for
enforcing role-based access control, identity-aware networking, and data confidentiality, which helps
to secure the network and its resources. CTS works by identifying and authenticating each network user
and resource and assigning each a 16-bit number called a Security Group Tag (SGT). The SGT is then
propagated between network hops so that intermediary devices (switches and routers) can enforce
policies based on the identity tag.
CTS-capable devices have built-in hardware capabilities that can send and receive packets with the SGT
embedded in the MAC (L2) layer. This feature is called L2-SGT imposition. When it is enabled on an
Ethernet interface, the device inserts an SGT in each packet that is carried to its next-hop Ethernet
neighbor. SGT over Ethernet Tagging is a type of hop-by-hop propagation of SGTs embedded in
clear-text (unencrypted) Ethernet packets.
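The L2-SGT imposition described above, as an added example that is not from the Cisco guide: a Python parser that extracts the SGT from captured Ethernet frames and checks a capture against the tags expected on a link. The EtherType 0x8909 and the header field order (version, length, option, SGT, original EtherType) are assumptions taken from the publicly documented Cisco Meta Data format, not from this page, and the frames are constructed samples.

```python
import struct
from collections import Counter

CMD_ETHERTYPE = 0x8909    # Cisco Meta Data EtherType (assumption: not given on this page)
DOT1Q_ETHERTYPE = 0x8100  # IEEE 802.1Q VLAN tag

def parse_l2_sgt(frame: bytes):
    """Return (sgt, inner_ethertype), or None when the frame carries no CMD header."""
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet header")
    offset = 12                                   # skip destination + source MAC
    (ethertype,) = struct.unpack_from("!H", frame, offset)
    if ethertype == DOT1Q_ETHERTYPE:              # CMD follows the VLAN tag if present
        if len(frame) < offset + 6:
            raise ValueError("truncated 802.1Q tag")
        (ethertype,) = struct.unpack_from("!H", frame, offset + 4)
        offset += 4
    if ethertype != CMD_ETHERTYPE:
        return None
    if len(frame) < offset + 10:                  # EtherType + 8 bytes that follow it
        raise ValueError("truncated CMD header")
    # Assumed order: version, length, option field, 16-bit SGT, original EtherType
    _ver, _len, _opt, sgt, inner = struct.unpack_from("!BBHHH", frame, offset + 2)
    return sgt, inner

def audit_capture(frames, allowed_sgts):
    """Count frames per SGT and list (index, reason) for untagged or unexpected frames."""
    seen, findings = Counter(), []
    for i, frame in enumerate(frames):
        try:
            parsed = parse_l2_sgt(frame)
        except ValueError as exc:
            findings.append((i, f"malformed: {exc}"))
            continue
        if parsed is None:
            findings.append((i, "no SGT"))
        else:
            seen[parsed[0]] += 1
            if parsed[0] not in allowed_sgts:
                findings.append((i, f"unexpected SGT {parsed[0]}"))
    return seen, findings

def sample_frame(sgt=None, vlan=None):
    """Build a constructed frame (locally administered MACs, stub IPv4 payload)."""
    hdr = bytes.fromhex("020000000002") + bytes.fromhex("020000000001")
    if vlan is not None:
        hdr += struct.pack("!HH", DOT1Q_ETHERTYPE, vlan)
    if sgt is not None:
        hdr += struct.pack("!HBBHH", CMD_ETHERTYPE, 1, 1, 1, sgt)
    return hdr + struct.pack("!H", 0x0800) + b"\x45" + bytes(19)
```

Because the tag travels in clear-text frames, running `audit_capture` over frames taken from a tagged link shows which SGTs actually cross it and which frames arrive without one.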
Restrictions for SGT over Ethernet Tagging
• SGT over Ethernet Tagging is supported on plain-text Ethernet frames only.
• SGT over Ethernet Tagging is supported on on-board Gigabit Ethernet interfaces on the following
Cisco ISR G2 Series routers:
  – Cisco ISR G2 2951
  – Cisco ISR G2 3945
  – Cisco ISR G2 3900 E Series
  – Cisco ISR G2 1921
  – ISR G2 1941
  – ISR G2 2901
  – ISR G2 2911
  – ISR G2 2921
Configuring SGT over Ethernet Tagging
Perform these steps to configure SGT over Ethernet Tagging.
SUMMARY STEPS
1. enable
2. configure terminal
3. interface gigabitethernet slot/port
4. cts manual
5. propagate sgt
6. policy static sgt tag [trusted]
7. end
