I read some articles about Cisco's TrustSec. The main merits are: securing the data path (by 802.1AE), unified policy, and role-based access control. But I still have some questions:

1. I know the Trusted Computing Group, an organization whose objective is to build a more secure environment: PC, network, etc. They have some WGs; one of them is TNC, Trusted Network Connect. Recently I have also been doing some study on trusted networks, related to TCG's TNC. Why do we use IPS and firewalls to protect our campus and data center networks before we use them? Because we don't trust the network; we believe there must be viruses and attacks in it. Can we build a trusted campus network, a trusted data center network, without IPS and firewalls (that is, we trust the network)? This is the content of my study. Does Cisco's TrustSec have something to do with the trusted network I mentioned here, i.e. raising the security level of the network to make it more trusted?

2. There are some working steps of TrustSec: authentication, authorization and security parameter negotiation. Can you describe the initial scenario when all the switches are unauthenticated (the following picture shows 4 switches forming a loop, with the ACS server connected to switch 2), and how they are authenticated by the ACS server or by each other, step by step, finally building the secure domain? There is a special switch called the "seed"; does it play a special function during the initial authentication process? I have thought it over and over and cannot figure it out.

3. The working process says "ingress tagging, egress filtering, and the packet carries the tag along the path". Is the tag packaged into the header of the MACsec packet? If yes, how is it transferred all the way? MACsec is only for the local link, so I don't know how the tag information is transferred from the client, transiting multiple switches, to the server finally. I think TrustSec could do all these actions on the egress switch only: egress tagging, egress filtering. Why don't you suggest that?

4. TrustSec seems like Cisco's proprietary technology. What do you think about cooperation with other vendors' products? Or are you doing some work to make it a standard in the future?
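Illustration for question 3, added here by the editor and not part of the original post or of any Cisco code: the Security Group Tag (SGT) is not a field of the 802.1AE SecTAG. It travels in its own Cisco Meta Data (CMD) header inside the frame, which MACsec then protects hop by hop. Each TrustSec switch terminates MACsec on its ingress link, reads the SGT in the clear, forwards on the CMD header unchanged, and re-protects the frame on the next link, so the tag survives the whole path while the MACsec session is per link, and the egress switch can match source SGT against destination SGT in its SGACL. The CMD layout below (EtherType 0x8909, version, length, SGT option type 0x01, option length, 16-bit SGT) is as I understand it from Cisco's TrustSec documentation and should be verified against a capture from your own switches; the MACsec part is a toy stand-in that uses an HMAC-SHA256 ICV instead of AES-GCM so the script runs with the standard library only; the MAC addresses, SGT numbers, link keys and SGACL matrix are all constructed.

```python
"""Added example: inline SGT (CMD header) parsing, hop-by-hop MACsec toy model,
and egress SGACL filtering.  All inputs are constructed; see the lead-in."""
import hashlib
import hmac
import struct

ETHERTYPE_8021Q = 0x8100
ETHERTYPE_CMD = 0x8909      # Cisco Meta Data header that carries the SGT (assumed layout)
ETHERTYPE_IPV4 = 0x0800
ETHERTYPE_MACSEC = 0x88E5   # 802.1AE SecTAG
CMD_OPT_SGT = 0x01


def build_frame(dst_mac, src_mac, sgt, vlan=None, payload=b"\x45" + b"\x00" * 19):
    """Constructed frame: DMAC | SMAC | [802.1Q] | CMD(SGT) | EtherType | payload."""
    frame = bytes.fromhex(dst_mac) + bytes.fromhex(src_mac)
    if vlan is not None:
        frame += struct.pack("!HH", ETHERTYPE_8021Q, vlan & 0x0FFF)
    # CMD: EtherType, version=1, length=1, option type=SGT, option length=1, SGT value
    frame += struct.pack("!HBBBBH", ETHERTYPE_CMD, 1, 1, CMD_OPT_SGT, 1, sgt)
    return frame + struct.pack("!H", ETHERTYPE_IPV4) + payload


def parse_frame(frame):
    """Return (vlan, sgt, ethertype, payload); sgt is None when no CMD header is present."""
    off, vlan, sgt = 12, None, None
    etype = struct.unpack_from("!H", frame, off)[0]
    off += 2
    if etype == ETHERTYPE_8021Q:
        vlan = struct.unpack_from("!H", frame, off)[0] & 0x0FFF
        etype = struct.unpack_from("!H", frame, off + 2)[0]
        off += 4
    if etype == ETHERTYPE_CMD:
        version, _length, opt_type, _opt_len, value = struct.unpack_from("!BBBBH", frame, off)
        if version != 1 or opt_type != CMD_OPT_SGT:
            raise ValueError("unsupported CMD header")
        sgt = value
        etype = struct.unpack_from("!H", frame, off + 6)[0]
        off += 8
    return vlan, sgt, etype, frame[off:]


def macsec_wrap(frame, link_key, pn):
    """Toy 802.1AE: insert a SecTAG after the MACs and append a 16-byte ICV.
    Real MACsec uses AES-GCM and encrypts everything after the SecTAG, CMD included."""
    sectag = struct.pack("!HBBI", ETHERTYPE_MACSEC, 0x0C, 0, pn)  # TCI/AN, SL, PN
    body = frame[:12] + sectag + frame[12:]
    return body + hmac.new(link_key, body, hashlib.sha256).digest()[:16]


def macsec_unwrap(protected, link_key):
    """Verify the ICV with this link's key and strip the SecTAG."""
    body, icv = protected[:-16], protected[-16:]
    expected = hmac.new(link_key, body, hashlib.sha256).digest()[:16]
    if not hmac.compare_digest(icv, expected):
        raise ValueError("ICV check failed: wrong link key or tampered frame")
    if struct.unpack_from("!H", body, 12)[0] != ETHERTYPE_MACSEC:
        raise ValueError("not a MACsec frame")
    return body[:12] + body[20:]


def forward(frame, link_keys):
    """Carry the frame across a chain of MACsec links, one key per link.
    Every switch unwraps with the ingress key, reads the SGT in the clear and
    re-wraps with the egress key.  Returns the delivered frame and the SGT seen per hop."""
    seen = []
    for key in link_keys:
        frame = macsec_unwrap(macsec_wrap(frame, key, pn=1), key)
        seen.append(parse_frame(frame)[1])
    return frame, seen


# Constructed SGACL matrix: (source SGT, destination SGT) -> action.  Pairs with no
# entry fall to the default, which this example sets to deny.
POLICY = {
    (10, 20): "permit",   # e.g. employees -> web servers
    (10, 30): "deny",     # employees -> database servers
    (20, 30): "permit",   # web servers -> database servers
}


def egress_decision(frame, dst_sgt, policy=POLICY, default="deny"):
    """Egress switch: the destination SGT comes from its own IP-to-SGT mapping,
    the source SGT from the CMD header the frame carried along the path."""
    src_sgt = parse_frame(frame)[1]
    if src_sgt is None:          # untagged frame: nothing to match on, use default
        return default
    return policy.get((src_sgt, dst_sgt), default)


if __name__ == "__main__":
    f = build_frame("001122334455", "66778899aabb", sgt=10, vlan=100)
    delivered, seen = forward(f, [b"link-key-1", b"link-key-2", b"link-key-3"])
    print("SGT seen at each hop:", seen)
    print("egress to SGT 20:", egress_decision(delivered, 20))
    print("egress to SGT 30:", egress_decision(delivered, 30))
```

Run it as-is to see the same SGT at every hop although each link uses a different key, then replace one key in `forward` with a mismatched one to see the ICV check reject the frame at that hop. Note that this only models the data path; the per-link key agreement (MKA/SAP) and the ACS authorization that assigns the SGTs are outside the example.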