Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
821
Views
0
Helpful
2
Replies

Cisco Trustsec using only ACS 5.2 and a 65k SXI with 802.1X

golly_wog
Level 1
Level 1

‎04-21-2011 02:05 AM - edited ‎03-10-2019 06:00 PM

Hi

I hope that this is the correct place for this Q.

I have setup an ACS 5.2 Server and enaled 802.1X authentication on a 65k running SXI5, as per the following section; Assigning SGT Using IEEE 802.1X User Authentication

The link can be found below;

http://www.cisco.com/en/US/solutions/collateral/ns170/ns896/guide_c07-608226.html

I can sucessfully get a PC to authenticate using dot.1x and according to the monitoring on the ACS box, the SGT is passed to the 65k, however when I do a "sho cts role-based sgt-map all", I can't see the SGT passed to the 65k. Is this because I don't have a Nexus to create the sxp link to?

Sorry if this is a noddy Q, but I'm trying to do my best to get to grips with trustsec, but not having a 7k means I'm really struggling.

many thanks

Labels:
0 Helpful
2 Replies 2

Nicolas Darchis
Cisco Employee
Cisco Employee

‎04-21-2011 12:15 PM

A nexus is a mandatory requirement for Trustsec unfortunately indeed.

0 Helpful

golly_wog
Level 1
Level 1
In response to Nicolas Darchis

‎04-27-2011 04:59 AM

Hi Nicolas

Thanks for taking the time to respond. Although Nexus is needed, if a device authenticates using 802.1x and this is configured for SGT, should the SGT configuration not update on the 65k? This is something that I would presume would happen without the need for the Nexus.


Once again, sorry if this is vague and a very newbie Q.

Many thanks

0 Helpful
Customers Also Viewed These Support Documents