    Tx
      7653 output packets 6642 unicast packets 953 multicast packets
      58 broadcast packets 943612 bytes

    [hk@hk .ssh]$ ssh email@example.com
    User Access Verification
    Password:
    Cisco Nexus Operating System (NX-OS) Software
    TAC support: http://www.cisco.com/tac
    Copyright (c) 2002-2009, Cisco Systems, Inc. All rights reserved.
    The copyrights to certain works contained in this software are
    owned by other third parties and used and distributed under
    license. Certain components of this software are licensed under
    the GNU General Public License (GPL) version 2.0 or the GNU
    Lesser General Public License (LGPL) Version 2.1. A copy of each
    such license is available at
    http://www.opensource.org/licenses/gpl-2.0.php and
    http://www.opensource.org/licenses/lgpl-2.1.php

Example 5-22 shows how to verify SSH Server configuration on the NX-OS device.

Example 5-22. Verifying SSH Server Configuration on the NX-OS Device

    Congo# show ssh server
    ssh version 2 is enabled
    Congo# show ssh key
    **************************************
    rsa Keys generated:Wed Sep 30 14:38:37 2009

    ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAsxCDzRe9HzqwzWXSp5kQab2NlX9my68Rd
    fABGNdwd5q01g5AKfuqvnrkAl7DR9n0d2v2Zde7JbZx2HCUjQFGEVAlK2a7I6
    RUf6j/7DBcCdHf1SQrTTvQLhwEhFkbginXqlhuNjSbJj5uxMZYEInenxLswNe
    3lBbxdgHCKOSTrVs47PKshwSTPBcoqX/7Df5oCW8Um8ipJ0U3/7lnZlEE9Uz+
    ApqfsErAGT4wZo973Iza0Ub3lyWBnChQBN6nScxvYk/1wuqF4P0nS4ujnW9X+
    dQDf6f0rj+Txt9L5AfqYnI+bQ==
    bitcount:2048
    fingerprint: 15:63:01:fc:9f:f7:66:35:3c:90:d3:f8:ed:f8:bb:16

Cisco TrustSec

Cisco TrustSec is a security architecture that builds policy, identity, and security into the network infrastructure. The TrustSec security architecture creates secure networks by establishing a trusted set of network devices. It can identify and control the types of devices allowed, their location, and the resources they are allowed to access. This security architecture decouples access control list (ACL) management from the IP addresses defined in ACLs across a distributed enterprise network that has employees, guests, and contractors on the network fabric. Cisco TrustSec can provide audit events, authentication information and history, and access control to enable enterprises to adhere to regulatory and compliance guidelines.

TrustSec includes dynamic virtual local area networks (VLANs), downloadable access control lists (dACLs) or named ACLs.

Packet classification is maintained by tagging packets on ingress to the Cisco TrustSec network so that they can be properly identified for the purpose of applying security and other policy enforcement criteria along the data path. The tag, called the security group tag (SGT), lets the network enforce the access control policy: the egress device acts upon the SGT to filter traffic.

MACsec (IEEE 802.1AE) encryption provides secure data transmission combined with hop-by-hop encrypted data inspection. It builds upon existing identity-aware infrastructure while helping to ensure complete data confidentiality between network devices.

The Cisco TrustSec architecture enables more scalable network access control with authentication, classification, and authorization. The authentication methods are as follows:

• 802.1X-based endpoint authentication
• MAC Authentication Bypass

After authentication, TrustSec can classify the authenticated endpoint and apply a specific policy to it. This enforcement method is authorization. TrustSec supports the following authorization methods:

• Dynamic VLAN Assignment
• Downloadable ACL from ISE
• Security Group Tag/Security Group ACL (SGTACL)

Figure 5-9 illustrates the reference topology used for the Cisco TrustSec example throughout the section.
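Going back to Example 5-22, the bitcount and fingerprint lines can be recomputed from the ssh-rsa blob and compared with a value pinned out of band before a client trusts the host key it is offered. This is an added example, not code from the book or from Cisco; the function names and the constructed sample key are hypothetical, and it assumes the colon-separated fingerprint is the MD5 digest of the decoded key blob (the legacy OpenSSH form).

```python
import base64
import hashlib
import hmac
import struct

def read_fields(blob):
    """Split an SSH public-key blob into its length-prefixed fields."""
    fields, pos = [], 0
    while pos < len(blob):
        if pos + 4 > len(blob):
            raise ValueError("truncated length prefix")
        (size,) = struct.unpack(">I", blob[pos:pos + 4])
        pos += 4
        if pos + size > len(blob):
            raise ValueError("truncated field")
        fields.append(blob[pos:pos + size])
        pos += size
    return fields

def inspect_rsa_key(key_text):
    """Return (bitcount, fingerprint) for 'ssh-rsa <base64>', line-wrapped or not."""
    tokens = key_text.split()
    blob = base64.b64decode("".join(tokens[1:]), validate=True)
    fields = read_fields(blob)  # expected layout: "ssh-rsa", exponent, modulus
    if tokens[:1] != ["ssh-rsa"] or len(fields) != 3 or fields[0] != b"ssh-rsa":
        raise ValueError("not an ssh-rsa public key")
    modulus = int.from_bytes(fields[2], "big")
    digest = hashlib.md5(blob).hexdigest()  # assumption: legacy MD5 fingerprint
    fingerprint = ":".join(digest[i:i + 2] for i in range(0, 32, 2))
    return modulus.bit_length(), fingerprint

def matches_pinned(key_text, pinned_fp, min_bits=2048):
    """True only if the key is large enough and its fingerprint equals the pin."""
    bits, fingerprint = inspect_rsa_key(key_text)
    return bits >= min_bits and hmac.compare_digest(fingerprint, pinned_fp.lower())

def make_sample_key(bits=2048):
    """Constructed blob with the right layout; NOT a usable RSA key."""
    def field(data):
        return struct.pack(">I", len(data)) + data
    def mpint(value):  # big-endian, leading zero byte when the top bit is set
        return field(value.to_bytes(value.bit_length() // 8 + 1, "big"))
    modulus = (1 << (bits - 1)) | 1
    blob = field(b"ssh-rsa") + mpint(65537) + mpint(modulus)
    return "ssh-rsa " + base64.b64encode(blob).decode()

SAMPLE_KEY = make_sample_key()  # constructed sample input, not a device key
if __name__ == "__main__":
    print(inspect_rsa_key(SAMPLE_KEY))
```

Feed `inspect_rsa_key` the key text copied from the device console and pass the result of an independent reading (for example, taken over the console port) as `pinned_fp`.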