Cisco ISE: TrustSec
Рет қаралды 16,934
Күн бұрынIn this video, I explain how TrustSec works, TrustSec Operations and Architecture.
The lab is focused on NDAC and how a seed/non-seed device joins the TrustSec domain (I haven't focused on classification/inline/SXP/SGACLs)
The vIOS (15.2) seems to use SHA1 which is disabled in ISE 2.7 by default.
Do enable it if you want the cts dot1x to work for link authentication.
@tammineedimahesh3738 2 жыл бұрын
You are awesome, great explanation. Thanks for sharing.
@geturrajesh 4 жыл бұрын
Thanks for very detailed explanation on TrustSec architecture
@BitsPlease 4 жыл бұрын
Glad it was helpful!
@susheelafrancis9251 3 жыл бұрын
Thats a really good explanation.
@TheRanjeettendulkar 3 жыл бұрын
Very well explained.
@SaregamapavanN 3 жыл бұрын
you are just awesome
@RyanBess 2 жыл бұрын
For those of you who are watching this and are running newer versions of ISE, you need to enable TLS1.0 within ISE as the IOS image seems to only have 1.0 enabled.
@prathameshpadosakar269 2 жыл бұрын
Can you provide me path to enable this?
@Daz2281 Жыл бұрын
@@prathameshpadosakar269 Administration > System > Settings > Security Settings Then check Allow TLS 1.0. Hope that helps.
@mdabdulmoiz 4 жыл бұрын
superb thanks.
@neethu_achar Жыл бұрын
Thanks for the wonderful explaination just have one query @BitsPlease ! can we connect the Seed Switch Interface to end-client & flow EAP-FAST NAM Module on Windows with its variants
@ericiannone9616 2 жыл бұрын
What ISE features do you lose for devices that cannot participate in a trustsec domain due to no TLS1.2 support? Can ISE still push down changes to devices that support trustsec in hardware? i assume SGACL can still be pushed down same way DACL can?
@cristianciobanu4032 Жыл бұрын
Hello, Do you know if vIOS (15.2) virtual switch supports Inline tagging for TrustSec or only works with SXP ? Thank you.
@milkoowen6800 3 жыл бұрын
Which image of viol are you running? Mine doesn't appear to support CTS, which is vios_l2 Software (vios_l2-ADVENTERPRISEK9-M), Version 15.2(4.0.55)E
@TaraniKantaDebnath 2 жыл бұрын
I am also using vIOS 15.2 but CTS command is not available, Core-SW#sh version | i Version Cisco IOS Software, vios_l2 Software (vios_l2-ADVENTERPRISEK9-M), Version 15.2(4.0.55)E, TEST ENGINEERING ESTG_WEEKLY BUILD, synced to END_OF_FLO_ISP Core-SW# Core-SW#cts ? % Unrecognized command
@user-gu8dw4fn4h Жыл бұрын
Is there are any documentation to your demonstration?
@anilanilkumar7495 2 жыл бұрын
Simple super.. can you pls share the switch end configuration.. so it will use for us..
@khaleelullahhussaini2417 3 жыл бұрын
Where is your video about SGT?
@RyanBess 7 ай бұрын
After starting up the ISE journey again and banging my head as to why my config wasn't working, i found that the CTS and Radius passwords should be the same. There are some ways around it but looks like common practice (as documented i some cisco docs) is to set them the same
@maximepivi 3 жыл бұрын
hi, nice video. how did you make CoA work on eve-ng? what switch did u use?
@BitsPlease 3 жыл бұрын
vIOS (15.2)
@maximepivi 3 жыл бұрын
@@BitsPlease same. but as soon as the sw download the dacl it craches
@BitsPlease 3 жыл бұрын
That's weird, never saw that in my lab. Make sure you are using the official images from VIRL or CML
@mohammedahmad7276 3 жыл бұрын
Hello, can you share with me the lab
@BitsPlease 3 жыл бұрын
Hey, I have dismantled this one as it was a while ago. It's pretty simple to build tho
@mohammedahmad7276 3 жыл бұрын
@@BitsPlease is it normal ISE image from cisco website ?
@BitsPlease 3 жыл бұрын
@@mohammedahmad7276 yes it is. I explain about it in the first video of the playlist.
Oscar's Funny World
Рет қаралды 25 МЛН