Cisco Firepower Management Center 2000 Troubleshooting Guide

Contents
Introduction
Components Used
Overview
The User-IP Mapping Method
The Inline Tagging Method
Troubleshooting
From the Restricted Shell of a Firepower Device
From the Expert Mode of a Firepower Device
From the Firepower Management Center
Introduction
Cisco TrustSec utilizes tagging and mapping of Layer 2 Ethernet frames to segregate traffic
without affecting existing IP infrastructure. Security measures can be applied to tagged traffic
with greater granularity.
Integration between the Identity Services Engine (ISE) and Firepower Management Center (FMC)
allows TrustSec tagging to be communicated from the client authorization, which can be used by
Firepower to apply access control policies based on the client's Security Group Tag. This
document discusses the steps to integrate ISE with the Cisco Firepower technology.
Components Used
This document uses the following components in the example setup:
Identity Services Engine (ISE) Version 2.1
Firepower Management Center (FMC) Version 6.x
Cisco Adaptive Security Appliance (ASA) 5506-X Version 9.6.2
Cisco Adaptive Security Appliance (ASA) 5506-X Firepower Module, Version 6.1
Overview
There are two ways for a sensor device to detect the Security Group Tag (SGT) assigned to the
traffic:
1. Through User-IP mapping
2. Through Inline SGT tagging
The User-IP Mapping Method
  
To ensure TrustSec information is used for access control, the integration of ISE with an FMC
goes through the following steps: