Catalyst 4500 Series Switch, Cisco IOS Software Configuration Guide - Cisco IOS XE 3.9.xE and IOS 15.2(5)Ex
Chapter 48 Configuring MACsec Encryption
Understanding MKA MACsec with EAP-TLS
Configuring Manual Enrollment
If your CA does not support SCEP, or if a network connection between the router and the CA is not possible, perform the following task to set up manual certificate enrollment:
Step 1
Command: configure terminal
Purpose: Enters global configuration mode.

Step 2
Command: crypto pki trustpoint server name
Purpose: Declares the trustpoint with the given name and enters ca-trustpoint configuration mode.

Step 3
Command: enrollment terminal [pem]
Purpose: Specifies the manual cut-and-paste certificate enrollment method. The certificate request is displayed on the console terminal so that it can be manually copied (or cut). The pem keyword configures the trustpoint to generate PEM-formatted certificate requests to the console terminal.

Step 4
Command: rsakeypair label
Purpose: Specifies which key pair to associate with the certificate.

Step 5
Command: serial-number none
Purpose: The none keyword specifies that a serial number will not be included in the certificate request.

Step 6
Command: ip-address none
Purpose: The none keyword specifies that no IP address is included in the certificate request.

Step 7
Command: revocation-check crl
Purpose: Specifies CRL as the method used to ensure that the certificate of a peer has not been revoked.

Step 8
Command: auto-enroll percent regenerate
Purpose: Enables auto-enrollment, allowing the client to automatically request a rollover certificate from the CA. If auto-enrollment is not enabled, the client must be manually re-enrolled in your PKI when the certificate expires. By default, only the Domain Name System (DNS) name of the device is included in the certificate. Use the percent argument to specify that a new certificate is requested once the given percentage of the current certificate's lifetime has elapsed. Use the regenerate keyword to generate a new key for the certificate even if a named key already exists. If the key pair being rolled over is exportable, the new key pair is also exportable. The following comment appears in the trustpoint configuration to indicate whether the key pair is exportable: “! RSA key pair associated with trustpoint is exportable.” Generating a new key pair is recommended for security reasons.

Step 9
Command: crypto pki authenticate name
Purpose: Retrieves the CA certificate and authenticates it.

Step 10
Command: exit
Purpose: Exits global configuration mode.

Step 11
Command: show crypto pki certificate trustpoint name
Purpose: Displays information about the certificate for the trustpoint.
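The steps above assembled into one console session, as an added example that is not from the Cisco guide. The trustpoint name MACSEC-CA, the key-pair label MACSEC-KEYS and the 80 percent renewal threshold are constructed values; the crypto key generate rsa, crypto pki enroll and crypto pki import commands are standard IOS PKI commands that are not among the steps listed on this page, and are shown only so the sequence is complete.

```cisco
! Added example, not from the guide. Constructed values: MACSEC-CA, MACSEC-KEYS, 80.
! The key pair named in Step 4 must already exist, e.g.
! "crypto key generate rsa label MACSEC-KEYS modulus 2048" (not a step on this page).
Switch# configure terminal
Switch(config)# crypto pki trustpoint MACSEC-CA
! Step 3: the request is printed on the console in PEM form for cut-and-paste to the CA
Switch(ca-trustpoint)# enrollment terminal pem
! Step 4: bind the trustpoint to the named RSA key pair
Switch(ca-trustpoint)# rsakeypair MACSEC-KEYS
! Steps 5-6: keep the serial number and IP address out of the request;
! only the device's DNS name is carried in the certificate
Switch(ca-trustpoint)# serial-number none
Switch(ca-trustpoint)# ip-address none
! Step 7: peer certificates are checked against the CA's CRL, so the CRL
! distribution point must stay reachable from the switch
Switch(ca-trustpoint)# revocation-check crl
! Step 8: request a rollover certificate at 80 percent of the lifetime and
! generate a fresh RSA key for it, so one key is never reused across lifetimes
Switch(ca-trustpoint)# auto-enroll 80 regenerate
Switch(ca-trustpoint)# exit
! Step 9: paste the CA's PEM certificate when prompted and end with "quit" on
! its own line; compare the fingerprint IOS displays with one obtained from the
! CA operator out of band before answering "yes"
Switch(config)# crypto pki authenticate MACSEC-CA
! Not on this page: print the request, have the CA sign it, import the result
Switch(config)# crypto pki enroll MACSEC-CA
Switch(config)# crypto pki import MACSEC-CA certificate
! Step 10
Switch(config)# exit
! Step 11: confirm both the CA certificate and the device certificate are present
Switch# show crypto pki certificates MACSEC-CA
```

After Step 11, the trustpoint section of the running configuration also shows whether the key pair is exportable via the "! RSA key pair associated with trustpoint is exportable." comment described under Step 8.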