Home > Store

Cisco TrustSec LiveLessons: Deployment, Configuration and Troubleshooting Techniques

Downloadable Video

  • Your Price: $159.99
  • List Price: $199.99
  • About this video
  • Accessible from your Account page after purchase. Requires the free QuickTime Player software.

    Videos can be viewed on: Windows 8, Windows XP, Vista, 7, and all versions of Macintosh OS X including the iPad, and other platforms that support the industry standard h.264 video codec.

Register your product to gain access to bonus material or receive a coupon.

Buy Lessons

DRM-Free Video Downloads. Purchase and immediately download individual lessons from this video. Make your lesson selections below and click on the Buy button.

Videos can be viewed on: Windows 8, Windows XP, Vista, 7, and all versions of Macintosh OS X including the iPad, and other platforms that support the industry standard h.264 video codec. Requires the free QuickTime Player software.


Lesson 1

Lesson 1: Understanding and Positioning Cisco TrustSec, Downloadable Version

Lesson 1: Understanding and Positioning Cisco TrustSec

In this lesson, you will explore what Cisco TrustSec is and also examine positioning and problem space. You will also familiarize yourself Cisco TrustSec Versus Legacy Network Access and Cisco TrustSec Domains and be introduced to the concept of the Security Group Tag (SGT).

Duration: 00:28:33  File Size: 135 MB


Lesson 2

Lesson 2 : Understanding Cisco TrustSec Functions - Classification, Downloadable Version

Lesson 2: Understanding TrustSec Functions — Classification

TrustSec is built on three functions. Classification deals with how users and network resources are classified in order to be granted network access. Dynamic and static methods are covered in this lesson. After resources are classified, this information needs to be propagated to network enforcement points. This topic presents three methods of propagating SGTs: Inline, Security Group Tag Exchange Protocol over TCP (SXP), and SGT Caching. Security policy is enforced on Cisco devices based on SGT assignments. This topic looks at enforcement using Security Group Access Control Lists (SGACLs) and Security Group Firewall (SG-FW) rules and how this information is distributed and verified.

Duration: 00:46:30  File Size: 227 MB


Lesson 3

Lesson 3: Understanding Cisco TrustSec Functions - Propagation, Downloadable Version

Lesson 3: Understanding TrustSec Functions — Propagation

This lesson discusses propagation methods. SGT information is required to be propagated to enforcement devices within a Cisco TrustSec domain. Propagation can be performed using several methods to be described in the lesson. Inline via hardware assist, via SXP, a TCP-based peer-to-peer protocol, and using SGT caching.

Duration: 00:31:44  File Size: 139 MB


Lesson 4

Lesson 4: Understanding TrustSec Technical Functions - Enforcement, Downloadable Version

Lesson 4: Understanding TrustSec Functions — Enforcement

This lesson covers policy enforcement. Enforcement is applied using SGACLs or SGFWs depending on the TrustSec device used as the enforcement point. Enforcement devices must be authenticated and authorized into a Cisco TrustSec domain so the concept of NDAC is discussed as part of this lesson.

Duration: 00:33:00  File Size: 154 MB


Lesson 5

Lesson 5: Implementing TrustSec on the Cisco ISE, Downloadable Version

Lesson 5: Implementing TrustSec on The Cisco ISE

The Cisco ISE plays a key role in enabling the creating of a TrustSec domain and distributing policy information to trusted network devices. This lesson reviews how to configure ISE to support TrustSec.

Duration: 00:30:16  File Size: 137 MB


Lesson 6

Lesson 6: Implementing TrustSec on Cisco Switches and Routers and Wireless Devices, Downloadable Version

Lesson 6: Implementing TrustSec on Cisco Wired and Wireless Devices

This lesson will cover configuring common network access devices including Catalyst switches and Cisco WLCs to enable TrustSec functions that are applied at the access layer and distribution layer of the network.

Duration: 00:49:39  File Size: 230 MB


Lesson 7

Lesson 7: Implementing Cisco TrustSec on the Cisco Firewalls, Downloadable Version

Lesson 7: Implementing Cisco TrustSec on the Cisco Firewalls

The Cisco ASA and Cisco Zone-Based Firewall can use SGTs to identify traffic of interest for security policy enforcement. This lesson will describe the differences between the firewalls and present sample configurations.

Duration: 00:26:43  File Size: 112 MB


Lesson 8

Lesson 8: Integrating TrustSec with Cisco VPN Solutions, Downloadable Version

Lesson 8: Implementing TrustSec with Cisco VPN Solutions

Cisco TrustSec is integrated with other security technologies such as GETVPN, IKEv2/IPsec, and AnyConnect Solutions. This lesson will describe and present sample configurations for using SGTs with other Cisco security mechanisms.

Duration: 00:18:02  File Size: 83 MB


Lesson 9

Lesson 9: TrustSec Deployment Considerations, Downloadable Version

Lesson 9: TrustSec Deployment Considerations

Implementing TrustSec into a new or existing network requires planning and an understanding of device positioning, design guidelines, and any limitations. This lesson will outline practical information for deploying a TrustSec solution.

Duration: 00:40:25  File Size: 184 MB


  • Copyright 2015
  • Edition: 1st
  • Downloadable Video
  • ISBN-10: 1-58720-563-7
  • ISBN-13: 978-1-58720-563-7

5 hours of video instruction

5 hours of video tutorial for understanding, deploying, configuring, and troubleshooting Cisco TrustSec.

Learn the ins and outs of Cisco TrustSec in this practical video tutorial. Hands-on theory and demos will include configuration and troubleshooting information and tips based on the network access to data center end-to-end use case. Follow configuration steps to implement a solution in your own networks. This course is also perfect for certification candidates preparing for the CCNP Security and CCIE Security exams.

This video series covers topics relevant to TrustSec and will also include references to some new features recently made available on devices like the Cisco ASA. This is a key resource for understanding how Cisco TrustSec differs from traditional methods for securing network access and also to understanding the benefits this brings to an organization from both a cost-effectiveness standpoint as well as meeting ease of use, centralized policy management, and compliance goals.

Major topics are as follows:

1)         Understanding and Positioning Cisco TrustSec

2)         Cisco TrustSec Functions: Classification, Propagation, and Enforcement

3)         Implementing TrustSec on Cisco ISE

4)         Implementing TrustSec on Wired and Wireless Devices

5)         Implementing Cisco TrustSec on Cisco Firewalls

6)         Implementing Cisco TrustSec with Cisco VPN Solutions

7)         TrustSec Deployment Considerations

Skill Level

  • Intermediate to advanced

What You Will Learn

  • How to enhance network security through data flow segmentation.
  • How TrustSec enables consistent enforcement of security policy across a wide range of Cisco products.
  • Using Cisco ISE for centralized policy management and distribution in a TrustSec domain.
  • How TrustSec is a data segmentation method that provides adherence to compliance standards such as PCI.
  • The benefits of applying security policy based on Role Based Access Control (RBAC), which is not dependent on IP addresses, VLANs, or other topology related constructs.
  • How TrustSec easily integrates with other network security methods and techniques.
  • Implementing TrustSec to several use cases including campus and WAN.
  • How TrustSec can be implemented in a step-by-step manner that facilities migration strategies.
  • Understand how TrustSec provides uniform support for IPv4 and IPv6 networks.

Who Should Take This Course

  • Primary audience: Those currently involved in the IT industry as security or networking professionals looking to gain knowledge in the area of deploying Cisco TrustSec to replace or enhance traditional methods for securing network access and protecting key resources. This topic is also relevant to those that are charged with meeting organizational and industry compliance requirements.
  • Secondary audience: Prospective candidates for CCNP, CCIE or other Cisco certifications seeking a definitive reference guide for Cisco TrustSec as it pertains to possible exam content.

Course Requirements

  • A good understanding of security basics and familiarity with general networking concepts, infrastructure, and communication.
  • Some exposure to configuring Cisco equipment including routers, Catalyst and Data Center switches, and the Cisco ASA and Cisco ISE.
  • Familiarity with security protection methods.

Table of Contents

Lesson 1: Understanding and Positioning Cisco TrustSec

1.1: TrustSec Problem Space

1.2: TrustSec Versus Legacy Network Access

1.3: TrustSec Domains

1.4: TrustSec Functions

Lesson 2: Understanding TrustSec Functions - Classification

2.1: Classification Fundamentals

2.2: Dynamic Classification

2.3: Static Classification Types and Methods

2.4: Static Classification Implementation

Lesson 3: Understanding TrustSec Functions - Propagation

3.1: Inline Propagation

3.2: SXP Propagation

3.3: Propagation Using SGT Caching

Lesson 4: Understanding TrustSec Functions - Enforcement

4.1: Enforcement Characteristics and Security Group Tags

4.2: Enforcement with Security Group ACLs

4.3: IOS Switch Configuration for Enforcement

4.4: Enforcement on Firewalls

4.5: Enforcement Verification

Lesson 5: Implementing TrustSec on Cisco ISE

5.1: TrustSec Domains

5.2: Security Group Tags

5.3: SGACLS and Egress Policies

Lesson 6: Implementing TrustSec on Cisco Wired and Wireless Devices

6.1: Design Considerations for TrustSec on Cisco Wired/Wireless Devices:

6.2: Wired Classification

6.3: Wired Propagation and Enforcement

6.4: Extending TrustSec

6.5: Wireless Networks

6.6: Verifying Deployment

Lesson 7: Implementing Cisco TrustSec on Cisco Firewalls

7.1: Design Considerations

7.2: Cisco Adaptive Security Appliance

7.3: Cisco Zone-Based Firewall

Lesson 8: Implementing TrustSec with Cisco VPN Solutions

8.1: IKEv2 and IPsec VPNs


8.3: AnyConnect VPNs

Lesson 9: TrustSec Deployment Considerations

9.1: Platform Guidelines

9.2: SXP Design Guidelines

9.3: Incorporating Non-TrustSec Devices

9.4: User-to-Data Center Use Case

About LiveLessons Video Training

LiveLessons Video Training series publishes hundreds of hands-on, expert-led video tutorials covering a wide selection of technology topics designed to teach you the skills you need to succeed. This professional and personal technology video series features world-leading author instructors published by your trusted technology brands: Addison-Wesley, Cisco Press, IBM Press, Pearson IT Certification, Prentice Hall, Sams, and Que. Topics include: IT Certification, Programming, Web Development, Mobile Development, Home and Office Technologies, Business and Management, and more. View all LiveLessons on InformIT at: http://www.informit.com/livelessons

About the Essentials Series

The Cisco Press video library is an indispensable tool for keeping up with the latest Cisco technologies. We have published hundreds of up-to-date videos on wide variety of key topics for Professionals and IT Certification candidates. The Video Mentor series is now part of the acclaimed LiveLessons series; otherwise, we haven't changed a thing. Whether you are a beginner, intermediate, or expert, you'll find the certification video training you need to accelerate your learning. So, what do you want to learn today? [http://www.ciscopress.com/series/series.asp?ser=2185116]

Sample Content

Table of Contents

Understanding and Deploying Cisco TrustSec

Lesson 1: Understanding and Positioning Cisco TrustSec

1.1: Cisco TrustSec Problem Space

1.2: Cisco TrustSec versus Legacy Network Access

1.3: Cisco TrustSec Domains

1.4: Cisco TrustSec Functions

Lesson 2: Cisco TrustSec Functions

2.1: Classification Overview

2.2 : Classification (Dynamic)

2.3 : Classification (Static)

2.4 : Propagation (Inline)

2.5 : Propagation (SXP)

2.6 : Propagation (SGT Caching)

2.7 : Enforcement

Lesson 3: Implementing TrustSec on The Cisco ISE

3.1: Adding Network Devices

3.2: Creating a CTS domain

3.3: Creating SGTs and SGACLs

3.4: Building a policy matrix

Lesson 4: Implementing TrustSec on Cisco Switches and Routers and Wireless Devices

4.1: Implementing classification, propagation and enforcement in Wired Networks

4.2: Implementing classification, propagation and enforcement in Wireless Networks

Lesson 5: Implementing Cisco TrustSec on Cisco Firewalls

5.1: Implementing classification, propagation and enforcement on the Cisco ASA

5.2: Implementing classification, propagation and enforcement on CISCO IOS FWS

Lesson 6: Integration of Cisco TrustSec with other Cisco Security Features


6.2: IKEv2/IPsec

6.3: Anyconnect

Lesson 7: Solution Design Tips, Guidelines and Migration Strategies

7.1: Platform guidelines

7.2: Implementing an SXP strategy

7.3: Incorporating 3rd Party equipment

7.4 Building and Verifying Network Access to Data Center Solutions


Submit Errata

More Information

InformIT Promotional Mailings & Special Offers

I would like to receive exclusive offers and hear about products from InformIT and its family of brands. I can unsubscribe at any time.


Pearson Education, Inc., 221 River Street, Hoboken, New Jersey 07030, (Pearson) presents this site to provide information about products and services that can be purchased through this site.

This privacy notice provides an overview of our commitment to privacy and describes how we collect, protect, use and share personal information collected through this site. Please note that other Pearson websites and online products and services have their own separate privacy policies.

Collection and Use of Information

To conduct business and deliver products and services, Pearson collects and uses personal information in several ways in connection with this site, including:

Questions and Inquiries

For inquiries and questions, we collect the inquiry or question, together with name, contact details (email address, phone number and mailing address) and any other additional information voluntarily submitted to us through a Contact Us form or an email. We use this information to address the inquiry and respond to the question.

Online Store

For orders and purchases placed through our online store on this site, we collect order details, name, institution name and address (if applicable), email address, phone number, shipping and billing addresses, credit/debit card information, shipping options and any instructions. We use this information to complete transactions, fulfill orders, communicate with individuals placing orders or visiting the online store, and for related purposes.


Pearson may offer opportunities to provide feedback or participate in surveys, including surveys evaluating Pearson products, services or sites. Participation is voluntary. Pearson collects information requested in the survey questions and uses the information to evaluate, support, maintain and improve products, services or sites, develop new products and services, conduct educational research and for other purposes specified in the survey.

Contests and Drawings

Occasionally, we may sponsor a contest or drawing. Participation is optional. Pearson collects name, contact information and other information specified on the entry form for the contest or drawing to conduct the contest or drawing. Pearson may collect additional personal information from the winners of a contest or drawing in order to award the prize and for tax reporting purposes, as required by law.


If you have elected to receive email newsletters or promotional mailings and special offers but want to unsubscribe, simply email information@informit.com.

Service Announcements

On rare occasions it is necessary to send out a strictly service related announcement. For instance, if our service is temporarily suspended for maintenance we might send users an email. Generally, users may not opt-out of these communications, though they can deactivate their account information. However, these communications are not promotional in nature.

Customer Service

We communicate with users on a regular basis to provide requested services and in regard to issues relating to their account we reply via email or phone in accordance with the users' wishes when a user submits their information through our Contact Us form.

Other Collection and Use of Information

Application and System Logs

Pearson automatically collects log data to help ensure the delivery, availability and security of this site. Log data may include technical information about how a user or visitor connected to this site, such as browser type, type of computer/device, operating system, internet service provider and IP address. We use this information for support purposes and to monitor the health of the site, identify problems, improve service, detect unauthorized access and fraudulent activity, prevent and respond to security incidents and appropriately scale computing resources.

Web Analytics

Pearson may use third party web trend analytical services, including Google Analytics, to collect visitor information, such as IP addresses, browser types, referring pages, pages visited and time spent on a particular site. While these analytical services collect and report information on an anonymous basis, they may use cookies to gather web trend information. The information gathered may enable Pearson (but not the third party web trend services) to link information with application and system log data. Pearson uses this information for system administration and to identify problems, improve service, detect unauthorized access and fraudulent activity, prevent and respond to security incidents, appropriately scale computing resources and otherwise support and deliver this site and its services.

Cookies and Related Technologies

This site uses cookies and similar technologies to personalize content, measure traffic patterns, control security, track use and access of information on this site, and provide interest-based messages and advertising. Users can manage and block the use of cookies through their browser. Disabling or blocking certain cookies may limit the functionality of this site.

Do Not Track

This site currently does not respond to Do Not Track signals.


Pearson uses appropriate physical, administrative and technical security measures to protect personal information from unauthorized access, use and disclosure.


This site is not directed to children under the age of 13.


Pearson may send or direct marketing communications to users, provided that

  • Pearson will not use personal information collected or processed as a K-12 school service provider for the purpose of directed or targeted advertising.
  • Such marketing is consistent with applicable law and Pearson's legal obligations.
  • Pearson will not knowingly direct or send marketing communications to an individual who has expressed a preference not to receive marketing.
  • Where required by applicable law, express or implied consent to marketing exists and has not been withdrawn.

Pearson may provide personal information to a third party service provider on a restricted basis to provide marketing solely on behalf of Pearson or an affiliate or customer for whom Pearson is a service provider. Marketing preferences may be changed at any time.

Correcting/Updating Personal Information

If a user's personally identifiable information changes (such as your postal address or email address), we provide a way to correct or update that user's personal data provided to us. This can be done on the Account page. If a user no longer desires our service and desires to delete his or her account, please contact us at customer-service@informit.com and we will process the deletion of a user's account.


Users can always make an informed choice as to whether they should proceed with certain services offered by InformIT. If you choose to remove yourself from our mailing list(s) simply visit the following page and uncheck any communication you no longer want to receive: www.informit.com/u.aspx.

Sale of Personal Information

Pearson does not rent or sell personal information in exchange for any payment of money.

While Pearson does not sell personal information, as defined in Nevada law, Nevada residents may email a request for no sale of their personal information to NevadaDesignatedRequest@pearson.com.

Supplemental Privacy Statement for California Residents

California residents should read our Supplemental privacy statement for California residents in conjunction with this Privacy Notice. The Supplemental privacy statement for California residents explains Pearson's commitment to comply with California law and applies to personal information of California residents collected in connection with this site and the Services.

Sharing and Disclosure

Pearson may disclose personal information, as follows:

  • As required by law.
  • With the consent of the individual (or their parent, if the individual is a minor)
  • In response to a subpoena, court order or legal process, to the extent permitted or required by law
  • To protect the security and safety of individuals, data, assets and systems, consistent with applicable law
  • In connection the sale, joint venture or other transfer of some or all of its company or assets, subject to the provisions of this Privacy Notice
  • To investigate or address actual or suspected fraud or other illegal activities
  • To exercise its legal rights, including enforcement of the Terms of Use for this site or another contract
  • To affiliated Pearson companies and other companies and organizations who perform work for Pearson and are obligated to protect the privacy of personal information consistent with this Privacy Notice
  • To a school, organization, company or government agency, where Pearson collects or processes the personal information in a school setting or on behalf of such organization, company or government agency.


This web site contains links to other sites. Please be aware that we are not responsible for the privacy practices of such other sites. We encourage our users to be aware when they leave our site and to read the privacy statements of each and every web site that collects Personal Information. This privacy statement applies solely to information collected by this web site.

Requests and Contact

Please contact us about this Privacy Notice or if you have any requests or questions relating to the privacy of your personal information.

Changes to this Privacy Notice

We may revise this Privacy Notice through an updated posting. We will identify the effective date of the revision in the posting. Often, updates are made to provide greater clarity or to comply with changes in regulatory requirements. If the updates involve material changes to the collection, protection, use or disclosure of Personal Information, Pearson will provide notice of the change through a conspicuous notice on this site or other appropriate way. Continued use of the site after the effective date of a posted revision evidences acceptance. Please contact us if you have questions or concerns about the Privacy Notice or any objection to any revisions.

Last Update: November 17, 2020