[c-nsp] NX-OS - Cisco TrustSec
Erik Witkop
ewitkop at gmail.com
Tue May 11 20:31:41 EDT 2010
AFAIK, you need to use the secure RADIUS protocol to ACS. The ACS holds
all the tags and policies between the tags.

The cts device-id syntax that you mention below is in regard to NDAC.
The concept of NDAC is to control what network devices can join the
network and maybe even check IOS versions, etc.

During NDAC, after authenticating with the cts device-id xxxxxx, the
Nexus device receives a PAC file (such as in EAP-FAST). The PAC file is
used to secure the RADIUS protocol over to the ACS.

But all the tags and policies come from the ACS. I could be wrong, but I
don't think it can currently be done locally. Unless something has
changed in the last 2 years or so.