Cisco Support Community

Questions about TrustSec

I read some articles about Cisco's TrustSec. The main merits are: securing the data path (by 802.1AE), unified policy, and role-based access control. But I still have some questions:

1. I know the Trusted Computing Group, an organization whose objective is to build a more secure environment: PC, network, etc. They have some WGs, one of them is TNC, Trusted Network Connect. Recently I am also doing some study on trusted networks, related to TCG's TNC. Why do we use IPS and firewalls to protect our campus and data center network before we use it? Because we don't trust it; we believe there must be viruses and attacks in it. Can we build a trusted campus network, a trusted data center network, without IPS and firewalls (that is, we trust the network)? This is the content of my study. Does Cisco's TrustSec have something to do with the trusted network I mentioned here, i.e. raising the security level of the network to make it more trusted?

2. There are some working steps of TrustSec: authentication, authorization, and security parameter negotiation. Can you describe the initial scenario when all the switches are unauthenticated (the following picture shows 4 switches forming a loop, with the ACS server connected to switch2), and how they are authenticated by the ACS server or by each other step by step and finally build the secure domain? There is a special switch called the "seed"; does it play a special function during the initial authentication process? I thought it over and over and cannot figure it out.

switch1-------switch2----ACS server
   |             |
switch3-------switch4

3. The working process says "ingress tagging, egress filtering, and the packet will carry the tag along the path". Is the tag packaged into the header of the MACsec packet? If yes, how is it transferred all the way, because MACsec is only for the local link? I don't know how the tag information is transferred from the client, transiting multiple switches, to the server finally. I think TrustSec can do all these actions on egress switches only: egress tagging, egress filtering. Why don't you suggest that?

4. TrustSec seems like Cisco's proprietary technology. What do you think about cooperation with other vendors' products? Or are you doing some work to make it a standard in the future?

Version history
Revision #: 1 of 1
Last update: 01-11-2010 07:26 PM