Name: Cisco Catalyst 4500 Series
Brand: Cisco
Rating: 4 (1 reviews)

To Next Page

To Previous Page

48-15

Catalyst 4500 Series Switch, Cisco IOS Software Configuration Guide - Cisco IOS XE 3.9.xE and IOS 15.2(5)Ex

Chapter 48 Configuring MACsec Encryption

Understanding MKA MACsec with EAP-TLS

Ensure that you enroll both the participating devices and the RADIUS server to the PKI infrastructure.

For more information on PKI configuration, see the Public Key Infrastructure Configuration Guide.

Configuring MKA MACsec Using EAP-TLS

To configure MACsec with MKA on point-to-point links, perform these tasks:

• Configure an Authentication Policy

• Configure EAP-TLS Profiles and IEEE 802.1x Credentials

• Configure 802.1x and MKA MACsec using EAP-TLS on Interfaces

Configuring EAP-TLS and 802.1x Credentials

To configure EAP-TLS and 802.1x credentials, perform the following task:

Step 8

exit

Exits ca-trustpoint configuration mode and returns to global configuration

mode.

Step 9

crypto pki authenticate name

Retrieves the CA certificate and authenticates it.

Step 10

crypto pki enroll name

Generates certificate request and displays the request for copying and

pasting into the certificate server.

Enter enrollment information when you are prompted. For example,

specify whether to include the device FQDN and IP address in the

certificate request.

You are also given the choice about displaying the certificate request to

the console terminal.

The base-64 encoded certificate with or without PEM headers as

requested is displayed.

Step 11

crypto pki import name certificate

Imports a certificate via TFTP at the console terminal, which retrieves the

granted certificate.

The device attempts to retrieve the granted certificate via TFTP using the

same filename used to send the request, except the extension is changed

from “.req” to “.crt”. For usage key certificates, the extensions “-sign.crt”

and “-encr.crt” are used.

The device parses the received files, verifies the certificates, and inserts

the certificates into the internal certificate database on the router.

Note Some CAs ignore the usage key information in the certificate

request and issue general purpose usage certificates. If your CA

ignores the usage key information in the certificate request, only

import the general purpose certificate. The device will not use one

of the two key pairs generated.

Step 12

exit

Exits Global Configuration mode.

Step 13

show crypto pki certificate

trustpoint name

Displays information about the certificate for the trust point.

Step 14

copy running-config startup-config

(Optional) Saves your entries in the configuration file.

Command Purpose

Other manuals for Cisco Catalyst 4500 Series

Manual19 pages

Command Reference Guide1230 pages

System Message Guide150 pages

Configuration Guide1610 pages

Administration Guide1814 pages

Message Guide146 pages

Installation Guide194 pages

Datasheet11 pages

Overview46 pages

Quick Reference Guide59 pages

Questions and Answers:

Need help?

Do you have a question about the Cisco Catalyst 4500 Series and is the answer not in the manual?

Cisco Catalyst 4500 Series Specifications

General

Series	Catalyst 4500 Series
Category	Switch
Layer Support	Layer 2, Layer 3
Form Factor	Modular chassis
Stackable	No
Chassis Slots	3, 6, 7, 10
Power Supply Options	AC, DC
Redundancy	Power supply, Supervisor engine
Network Management	Cisco IOS Software CLI, SNMP, Cisco Prime Infrastructure
Features	Security, QoS
Port Density	Up to 384 ports per chassis
Security Features	802.1X, ACLs, DHCP Snooping, Dynamic ARP Inspection, IP Source Guard
Supervisor Engine	8-E