Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2096
Views
5
Helpful
5
Replies

ISE Version and TrustSec Version Correlation

Go to solution
danhamil
Cisco Employee
Cisco Employee

‎01-03-2019 08:13 AM

Hi,

How can you determine which TrustSec version is associated with a particular ISE version?

For example. If I am running ISE version 2.2, what TrustSec version is associated with that version of ISE? TrustSec 6.1? 6.2?

 

The reason for asking is if you go to the ISE Compatibility matrices, there is a footnote for TrustSec that refers you to the Cisco TrustSec Product Bulletin for a complete list of Cisco TrusSec Feature support.  However, when you go to the referred link, I see multiple TrustSec versions listed (5.0 to 6.4).  But I can't seem to find any kind of table or reference to which TrustSec version corresponds to which ISE version.

 

Is there a page or matrix that details what TrustSec Versions correlates to which ISE version or if there is a CLI command or somewhere in the GUI to determine this?

 

Thanks,

Dan

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
kthumula
Cisco Employee
Cisco Employee

‎01-03-2019 11:09 AM

Dan,

The TrustSec compatibility matrix usually don't associate with a specific ISE version and same goes with the ISE compatibility matrix due to the timing of the ISE releases. The version 6.3 was tested with ISE 2.2 and the latest version 2.4 was tested with TrustSec 6.4.

View solution in original post

0 Helpful
5 Replies 5

Go to solution
kthumula
Cisco Employee
Cisco Employee

‎01-03-2019 11:09 AM

Dan,

The TrustSec compatibility matrix usually don't associate with a specific ISE version and same goes with the ISE compatibility matrix due to the timing of the ISE releases. The version 6.3 was tested with ISE 2.2 and the latest version 2.4 was tested with TrustSec 6.4.

0 Helpful

Go to solution
thomas
Cisco Employee
Cisco Employee

‎01-03-2019 11:12 AM

The TrustSec Platform Capability Matrices are just that - tables of hardware platform capabilities. This means network devices, not ISE. The 3 main things you have to consider on these platforms which is mapped directly in the column headers:

  1. Classification : Security Group Tag (SGT) Classification
  2. Propagation : SGT Exchange Protocol (SXP) Support and Version, Inline SGT Tagging
  3. Enforcement : SGT Enforcement, Services

ISE can control dynamic classification via RADIUS by assigning SGTs via 802.1X or MAB:

image.png

 

ISE can control propagation as a centralized SXP speaker and/or listener :

image.png

 

Go to solution
danhamil
Cisco Employee
Cisco Employee
In response to thomas

‎01-03-2019 11:25 AM

Hi.

Thanks for the reply.  I think I see my confusion.  So just to confirm I understand your reply.  The TrustSec Version is referring to the TrustSec component within the actual switches or controllers and not the TrustSec component within ISE software.  Correct?

Thanks,

-Dan

0 Helpful

Go to solution
kthumula
Cisco Employee
Cisco Employee
In response to danhamil

‎01-03-2019 11:29 AM

The TrustSec version or release is just the new set of features or platforms (switches, routers, WLC etc..) which have been validated by solution test along with new TrustSec features on ISE.

0 Helpful

Go to solution
kthiruve
Cisco Employee
Cisco Employee

‎01-03-2019 11:31 AM

Hi Dan,

 

The system bulletin has this information in the table.

It speaks about the minimum version needed for the Trustsec solution. You will find this in Table 2.

https://www.cisco.com/c/dam/en/us/solutions/collateral/enterprise-networks/trustsec/trust-sec-bulletin.pdf

 

Thanks

Krishnan

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents