cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
 
Register for the monthly ISE Webinars to learn about ISE configuration and deployment.
Choose one of the topics below to view our ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

330
Views
0
Helpful
5
Replies
Cisco Employee

ISE Version and TrustSec Version Correlation

Hi,

How can you determine which TrustSec version is associated with a particular ISE version?

For example. If I am running ISE version 2.2, what TrustSec version is associated with that version of ISE? TrustSec 6.1? 6.2?

 

The reason for asking is if you go to the ISE Compatibility matrices, there is a footnote for TrustSec that refers you to the Cisco TrustSec Product Bulletin for a complete list of Cisco TrusSec Feature support.  However, when you go to the referred link, I see multiple TrustSec versions listed (5.0 to 6.4).  But I can't seem to find any kind of table or reference to which TrustSec version corresponds to which ISE version.

 

Is there a page or matrix that details what TrustSec Versions correlates to which ISE version or if there is a CLI command or somewhere in the GUI to determine this?

 

Thanks,

Dan

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: ISE Version and TrustSec Version Correlation

Dan,

The TrustSec compatibility matrix usually don't associate with a specific ISE version and same goes with the ISE compatibility matrix due to the timing of the ISE releases. The version 6.3 was tested with ISE 2.2 and the latest version 2.4 was tested with TrustSec 6.4.

5 REPLIES 5
Cisco Employee

Re: ISE Version and TrustSec Version Correlation

Dan,

The TrustSec compatibility matrix usually don't associate with a specific ISE version and same goes with the ISE compatibility matrix due to the timing of the ISE releases. The version 6.3 was tested with ISE 2.2 and the latest version 2.4 was tested with TrustSec 6.4.

Cisco Employee

Re: ISE Version and TrustSec Version Correlation

The TrustSec Platform Capability Matrices are just that - tables of hardware platform capabilities. This means network devices, not ISE. The 3 main things you have to consider on these platforms which is mapped directly in the column headers:

  1. Classification : Security Group Tag (SGT) Classification
  2. Propagation : SGT Exchange Protocol (SXP) Support and Version, Inline SGT Tagging
  3. Enforcement : SGT Enforcement, Services

ISE can control dynamic classification via RADIUS by assigning SGTs via 802.1X or MAB:

image.png

 

ISE can control propagation as a centralized SXP speaker and/or listener :

image.png

 

Cisco Employee

Re: ISE Version and TrustSec Version Correlation

Hi.

Thanks for the reply.  I think I see my confusion.  So just to confirm I understand your reply.  The TrustSec Version is referring to the TrustSec component within the actual switches or controllers and not the TrustSec component within ISE software.  Correct?

Thanks,

-Dan

Highlighted
Cisco Employee

Re: ISE Version and TrustSec Version Correlation

The TrustSec version or release is just the new set of features or platforms (switches, routers, WLC etc..) which have been validated by solution test along with new TrustSec features on ISE.

Cisco Employee

Re: ISE Version and TrustSec Version Correlation

Hi Dan,

 

The system bulletin has this information in the table.

It speaks about the minimum version needed for the Trustsec solution. You will find this in Table 2.

https://www.cisco.com/c/dam/en/us/solutions/collateral/enterprise-networks/trustsec/trust-sec-bulletin.pdf

 

Thanks

Krishnan