Cisco TrustSec Platform and Capability Matrix

Size: px

Start display at page:

Download "Cisco TrustSec Platform and Capability Matrix"

Shona Walsh
6 years ago
Views:

TrustSec and Capability Matrix TrustSec uniquely builds upon your existing identityaware infrastructure by enforcing segmentation and access control policies in a scalable manner using the s detailed

Level validated versions may not always represent the latest available firmware versions on given platforms.

1 TrustSec and Capability Matrix TrustSec uniquely builds upon your existing identityaware infrastructure by enforcing segmentation and access control policies in a scalable manner using the s detailed below: This table lists latest IOS, IOSXE, and NXOS versions that the TrustSec features. This version is aligned with TrustSec 5.2 validation. Level validated versions may not always represent the latest available firmware versions on given platforms. Capabilities Note () to Identity Engine 2000 ISE 3415 and 3495 Appliance and VMware 2960 (includes 2960G, 2960PD) 2960Plus 2960C 2960CX 2960S and 2960 SF IPto mapping & provisioning to switches Web Auth IPto Vto IPto Vto IPto Vto IPto Vto ISE 1.2 Patch 1 IOS IOS IOS 15.2(3)E IOS ISE 1.3 Patch1 IOS 15.0(2)SE 2 Base Base Base Base Base Page 1 of 8

2 Capabilities Note () to 2960X and 2960 XR IPto Vto IOS IOS 15.0(2)EX 4 Base E and 3750 E 3560 C/CG 3560CX 3560X and 3750 X 3650 and Engine 6E and 6LE 4948 IPto Vto IPto Vto IPto Vto IPto Vto IPto Vto Portto L3IFto IPto IPto over over (with builtin ports & C3KX SM10G) over over IOS 15.0(2)SE5 IOS IOS 15.2(3)E IOS IOS XE 3.6.0SE IOS 15.1.(1) IOS 15.1.(1) IOS 15.0(2)SE 5 IOS 15.0(1)SE 2 IOS 15.2(3) E IOSXE 3.3.4SE 3.7.0E IOS 15.1.(1)S G Page 2 of 8

3 Capabilities Note () to Engine 7E and 7LE 4500 Engine 8E 4500X 6500 Engine 32 and Engine 2T IPto Vto Portto L3IFto IPto Vto Portto (SRC & DST) L3IFto IPto Vto Portto L3IFto IPto Vto (15.2) Portto (15.2) (15.2) IPto Vto Portto L3IFto (version (2)SY3, version (33)SX I) Yes* (See footnote for list of ed line cards) over over over over over over (requires WS X6900 line card) IOS XE 3.5.1E IOS XE 3.6.0E IOS XE 3.5.1E IOS 15.1(2)SY3 12.2(33)SX J2 IOS 15.1(2)SY1 IOS XE 3.5.1E IOSXE 3.3.0XO IOS XE 3.5.1E IOS 12.2(33)S XJ2 IOS 15.1(2)SY and 6800ia IPto Vto Portto L3IFto over over (requires WS X6900 for 6807) IOS 15.1(2)SY1 IOS 15.0(1)SY 1 ( 6880X) Page 3 of 8

4 Capabilities Note () to Connected Grid Routers and Industrial Controllers 2010 Connected Grid Routers 2500 Connected Grid IE 2000 IE 3000 IE 4000 Controller 5500 and 2500 ; Module 2 (WiSM2) IPto Vto IPto Vto Portto IPto Vto Portto IPto Vto Portto IPto Vto Portto (version 3) (version 3) (version 3) (version 3) FlexConne ct Central Switching Mode and Centralized mode SXP (AirOS8.0) Local Switch Mode does not SXP over GETVPN or VPN (No over ) IOS 15.4(1)T IOS 15.0(2)EK1 IOS 15.2(1)EY IOS 15.2(1)EY IOS A AirOS IOS 15.4(1)T IOS 15.0(2)EK 1 IOS 15.2(1)EY AirOS Lite does not TrustSec Lite does not TrustSec Lite does not TrustSec Page 4 of 8

5 Capabilities Note () to Data Center Controller 7500, 8500 and vwlc 5760 Controller All except F line cards and chassis (except F1 module) 7000 F3 line cards and chassis 6000/ P, 5548UP, and 5596UP (Note: No for 5010 or 5020) 1000V for VMware vsphere IPto Vto Portto IPto Vto Portto PortProfileto (Known Limitation: vpc/fabric Path are not ed with some TrustSec features**) IPto PortProfileto Vto with vpc/vpc+ Portto with vpc/vpc+ Portto Portto IPto PortProfileto over over over ( ed on all line cards except F1,F2, F3 40/100G line cards) over over ( ed on CE ports) over over over IOS XE 3.3.1SE NX OS 6.2(8) NX OS 7.2(0)D1(1) NX OS 7.0(1)N1(1 ) NX OS 6.0(2)N2(5 ) NX OS 5.2(1)SV3( 1.1) (required for /AC L ) NXOS 6.2(10) NXOS 7.0(5)N1( 1) 7.1(0)N1( 1a) NXOS 7.0(5)N1( 1), 6.0(2)N2( 5) NXOS 5.2(1)SV3 (1.2) in Base license 6.1 and later in Base license 7.2 and later Advanc ed required Page 5 of 8

6 Capabilities Note () to UCS 6200 Fabric Interconnec ts Integrated Router () G2 ASR 1000 Aggregatio n Routers UCS 6248UP Fabric Interconne ct , 2900, X G2 SM X Layer 2/3 EtherSwitc h Module Cloud Router 1000V ASR 1000 Router Processor 1 or 2 (RP1/RP2); ASR 1001, 1002/4/6, and 1013 Routers with Embedded Processor (10, 20, or 40 Gbps) and SPA Interface Processor (10/40) IPto L3IFto IPto L3IFto IPto L3IFto IPto Vto IPto L3IFto IPto L3IFto over GET over over GET over over GET over over over, over over GET IOS 15.4(3)M IOS 15.4(3)M IOS XE 3.13(0)S IOS IOS XE 3.11(0)S IOS XE 3.13(0)S 2.2(3c) IOS 15.2(2)T IOS 15.2(2)T IOSXE 3.11(0)S IOS 15.0(2)EJ 1 IOSXE 3.11(0)S SEC/ SEC/ SEC/ SEC/ SEC/ ASR100 0 SEC FW Page 6 of 8

7 Capabilities Note () to ASA 5500 and 5500X ASR1001 X and 1002X ASA 5505, 5510, 5520, 5540, 5550, 5580 ASAv ASA 5512X, 5515X, 5525X, 5545X 5555X, 5585X with FirePower IPto L3IFto Remote Access VPN (IPSec, SSL VPN) Remote Access VPN (IPSec, SSL VPN) over over GET over over IOS XE S ASA 9.0.1, ASDM ASA 9.3.1, ASDM ASA 9.3.1, ASDM ASA ASA9.3.1, ASDM ASR100 0 SEC FW For the secure access solution compatibility matrix, please visit Notes to represents the version to all the s listed for that platform. It does not always represent availability of a specific feature set. For example, 3560E and 3750E s dynamic classification as well as other static classifications such as IP and V mapping features. In order to use all of those features, the switch needs to be running at least IOS 15.0(2)SE5. Product part numbers of ed line cards for inline on the 4500 Engine 7E and Supervise Engine 7LE include the following: WSX4712SFP+E, WSX4748UPOE+E, WSX4748RJ45V+E, WSX4748RJ45E, WSX4640CSPE. IP to, V to, subnet to, port profile to, port to (also known as L2IF to in some platform documentation), and L3IF to use the static classification method. For TrustSec classification, propagation, and enforcement, an license is required for 3560, 3560E, 3750, 3750E, 3560C, 3560X, 3750X, 4500 Sup6(L)E, 4500 Sup7(L)E, 6500 Sup720, and 6500 Sup2T. Page 7 of 8

8 ** Currently 7000 s IP binding for static classification method when vpc+/fabricpath are configured. Printed in USA CXXXXXXXXXX 10/11 Page 8 of 8

Cisco TrustSec Software-Defined Segmentation Platform and Capability Matrix

Cisco TrustSec Software-Defined Segmentation Platform and Capability Matrix Sales Tool TrustSec Software-Defined Segmentation Platform and Capability Matrix TrustSec uniquely builds upon your existing identity-aware infrastructure by enforcing segmentation and access control policies