Cisco Cisco ASA for Nexus 1000V Series Switch 기술 매뉴얼
27
XML Examples for the Cisco Application Centric Infrastructure Security Device Package, Version 1.2(5)
Support for Cisco TrustSec
Configuring an ISE AAA-Server for TrustSec
ASA Configuration
aaa-server __$ISEServer$__ protocol radius
aaa-server __$ISEServer$__ (management) host 192.168.102.241
key *****
cts server-group __$ISEServer$__
XLM Example
test1_trustSecxml='''\
<polUni>
<fvTenant name="tenant1">
<vnsLDevVip name="Firewall">
<vnsDevFolder key="TrustSec" name="TrustSec">
<vnsDevFolder key="ISEServerGroup" name="ise">
<vnsDevFolder key="AAAServer" name="ise">
<vnsDevParam key="host" name="host" value="192.168.102.241"/>
<vnsDevParam key="key" name="key" value="cisco123"/>
</vnsDevFolder>
</vnsDevFolder>
</vnsDevFolder>
</vnsLDevVip>
</fvTenant>
</polUni>
'''
Manually Assigning a Security Group Tag (SGT) to an IP Host Mapping
ASA Configuration
cts role-based sgt-map 30.30.30.100 sgt 100
cts role-based sgt-map 2001:3030:30::112 sgt 65519
XLM Example
test2_trustSecxml='''\
<polUni>
<fvTenant name="tenant1">
<vnsLDevVip name="Firewall">
<vnsDevFolder key="TrustSec" name="TrustSec">
<vnsDevFolder key="TrustSecSGTMap" name="SGTMap">
<vnsDevParam key="ip_address" name="ip_address" value="30.30.30.100"/>
<vnsDevParam key="security_group_tag" name="tag" value="100"/>
</vnsDevFolder>
<vnsDevFolder key="TrustSecSGTMap" name="SGTMap2">
<vnsDevParam key="ip_address" name="ip_address" value="2001:3030:30::112"/>
<vnsDevParam key="security_group_tag" name="tag" value="65519"/>
</vnsDevFolder>
</vnsDevFolder>
</vnsLDevVip>
</fvTenant>
</polUni>
'''