48-16
Catalyst 4500 Series Switch, Cisco IOS Software Configuration Guide - Cisco IOS XE 3.9.xE and IOS 15.2(5)Ex
Chapter 48 Configuring MACsec Encryption
Understanding MKA MACsec with EAP-TLS
Configuring an Authentication Policy
To configure an authentication policy, perform the following task:
Command / Purpose
Step 1: configure terminal
    Enters global configuration mode.
Step 2: dot1x credentials profile
    Creates an 802.1x credentials profile. This must be attached to the port that is configured as supplicant.
Step 3: username name
    Creates a username.
Step 4: password password
    Creates a password.
Step 5: exit
    Exits dot1x-creden configuration mode and returns to global configuration mode.
Step 6: eap profile name
    Configures the EAP profile, and enters eap-profile configuration mode.
Step 7: method tls
    Configures the EAP-TLS method.
Step 8: pki trustpoint name
    Configures the default PKI trustpoint.
Step 9: exit
    Exits eap-profile configuration mode and enters global configuration mode.
Step 10: service-template name
    Creates a service template and enters service-template configuration mode.
Step 11: linksec policy must-secure
    Sets a data link layer security policy. The must-secure keyword specifies that the device port must be authorized only if a secure MACsec session is established.
Step 12: exit
    Exits service-template configuration mode and returns to global configuration mode.
Step 13: copy running-config startup-config
    (Optional) Saves your entries in the configuration file.
Command / Purpose
Step 1: configure terminal
    Enters global configuration mode.
Step 2: exit
    Exits service-template configuration mode and returns to global configuration mode.
Step 3: policy-map type control subscriber control-policy-name
    Defines a control policy for subscriber sessions and enters control policy-map event configuration mode.
Step 4: event event-name match-all
    Specifies that the session-started event triggers actions in a control policy if conditions are met. match-all is the default behavior.
Step 5: priority-number class always do-until-failure
    Associates a priority with an action in the control policy.
Step 6: action-number authenticate using dot1x both
    Initiates the authentication of a subscriber session using the IEEE 802.1x method as both a supplicant and an authenticator.
Step 7: event authentication-failure match-all
    Specifies that the authentication-failure event triggers actions in a control policy if conditions are met. match-all is the default behavior.
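The two procedures above assembled into one running configuration, as an added example that is not taken from the Cisco guide. All profile, template, policy and interface names are placeholders; the authentication-failure actions, the authentication-success event that activates the must-secure template, and the per-interface commands that bind the credentials, EAP profile and control policy to a MACsec port are assumed from general IOS practice and do not appear on this page.

```cisco
! Added example, not from the Cisco guide. Names are placeholders.
! --- First table, Steps 2-5: supplicant credentials profile ---
dot1x credentials MACSEC-CRED
 username switch-port-1
 password SWITCH-PORT-1-PASSWORD
!
! --- Steps 6-9: EAP-TLS profile bound to the PKI trustpoint ---
eap profile EAPTLS-PROF
 method tls
 pki trustpoint MACSEC-CA
!
! --- Steps 10-12: must-secure means the port is authorized only after a
!     MACsec session is up, so there is no cleartext fallback on failure ---
service-template MUSTSECURE
 linksec policy must-secure
!
! --- Second table: control policy for the subscriber session ---
policy-map type control subscriber MACSEC-POLICY
 event session-started match-all
  10 class always do-until-failure
   10 authenticate using dot1x both
 event authentication-failure match-all
  10 class always do-until-failure
   ! Assumed (not on this page): drop the session and retry later
   10 terminate dot1x
   20 authentication-restart 60
 ! Assumed (not on this page): apply the must-secure template on success
 event authentication-success match-all
  10 class always do-until-failure
   10 activate service-template MUSTSECURE
!
! --- Assumed (not on this page): bind everything to the MACsec port ---
interface GigabitEthernet1/1
 macsec
 access-session port-control auto
 dot1x pae both
 dot1x credentials MACSEC-CRED
 dot1x supplicant eap profile EAPTLS-PROF
 dot1x authenticator eap profile EAPTLS-PROF
 service-policy type control subscriber MACSEC-POLICY
```

With must-secure in place, a port whose peer fails EAP-TLS or cannot complete MKA stays unauthorized rather than forwarding in the clear, which is the state to watch for on a link that unexpectedly goes down after this policy is applied.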