Cisco Cisco Identity Services Engine 1.2 시작 가이드
At-A-Glance
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks.
Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R)
C45-726831-00 02/13
Secure BYOD or “Any Device” Access
Cisco TrustSec can use the extensive ISE profiling, posture validation, and mobile
device management integration functions as part of the classification process.
Cisco TrustSec can provide extensive controls implemented across the network,
or specifically in firewall functions if preferred, that take account of the contextual
classification from ISE.
device management integration functions as part of the classification process.
Cisco TrustSec can provide extensive controls implemented across the network,
or specifically in firewall functions if preferred, that take account of the contextual
classification from ISE.
Policy
Management
Identity Services Engine
Catalyst 2K-S
Catalyst 3K
Catalyst 4K
Catalyst 6K
WLC 2500/5500
WiSM2/SRE
Cisco Nexus 7000
Cisco Nexus 5000
Cisco Nexus 1000v
Cisco N7K/N5K
(SGACL)
Cat6K
(SGACL)
Cat3K-X
(SGACL)
ASA (SGFW)
ASR1K/ISRG2
(SGFW)
Cat 2K-S (SXP)
Cat 3K (SXP)
Cat 3K-X (SXP/SGT)
Cat 4K (SXP)
Cat 6K Sup720 (SXP)
Cat 3K (SXP)
Cat 3K-X (SXP/SGT)
Cat 4K (SXP)
Cat 6K Sup720 (SXP)
Cat 6K Sup2T (SXP/SGT)
Cisco N7K (SXP/SGT)
Cisco N5K (SXP/SGT)
Cisco N1Kv (SXP)
Cisco N7K (SXP/SGT)
Cisco N5K (SXP/SGT)
Cisco N1Kv (SXP)
ASR1K (SXP/SGT)
ISR G2 (SXP)
ASA (SXP)
ISR G2 (SXP)
ASA (SXP)
WLAN
LAN
Remote
Access
(roadmap)
SGT Classification
SGT Enforcement
SGT Transport
Summary of Benefits
• Simplified policy using business context
- Based on meaningful business language, not networking detail
- Based on groups that do not change when resources are moved
- Returns policy administration to the security team
• Enhanced security and reduced complexity
- Simplified design reduces traffic engineering and improves data center
performance
- Highly scalable line-rate marking and policy enforcement on capable devices
- Less network complexity than other segmentation methods, such as VLANs
• Reduced operational expense
- Automated firewall and access control administration
- Reduction in ACL maintenance, complexity, and overhead
- Increased agility from automating adds, moves, and changes
Cisco TrustSec and Secure Access Solution Components
• FlexAuth (802.1X, WebAuth, MAB): All Cisco Catalyst® switching platforms
• Device sensors: Cisco Catalyst 3000 Series; Cisco Catalyst 4500 Series with
• Device sensors: Cisco Catalyst 3000 Series; Cisco Catalyst 4500 Series with
Supervisor 7(L)-E; Cisco Wireless LAN Controllers
• Cisco TrustSec:
- Cisco Catalyst 2960-S/SF/C, 3560, 3560-E/C, 3750, 3750-E Series: SXP only
- Cisco Catalyst 3560-X, 3750-X Series: SXP, SGT, SGACL
- Cisco Catalyst 4500 Series with Supervisor 6(L)-E, 7(L)-E: SXP only
- Cisco Catalyst 6500 with Supervisor Engine 2T: SXP, SGT, SGACL
- Cisco Nexus 7000 and 5000 Series: SXP, SGT, SGACL
- Cisco Nexus 1000v: SXP only
- Cisco Wireless LAN Controller 2500, 5500, Cisco Wireless Service Module
(WiSM) 2, Cisco Wireless Controller on Cisco Services-Ready Engine (SRE): SXP
only
only
- Cisco Integrated Services Router G2: SXP, Security Group Firewall (SG-FW)
- Cisco ASR 1000 Series Aggregation Services Router: SXP, SG-FW
- Cisco ASA 5500 Series Adaptive Security Appliances: SXP, SG-FW
- Virtual Desktop Infrastructure (VDI) and Cisco AnyConnect® Secure Mobility Client
with Remote Desktop Protocol (RDP)
For More Information