EasyManuals Logo

Cisco Catalyst 4500 Series Administration Guide

Cisco Catalyst 4500 Series
1814 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #1133 background imageLoading...
Page #1133 background image
45-11
Software Configuration Guide—Release IOS XE 3.6.0E and IOS 15.2(2)E
OL_28731-01
Chapter 45 Configuring MACsec Encryption
Configuring Cisco TrustSec MACsec
To delete the Cisco TrustSec credentials, enter the clear cts credentials privileged EXEC command.
This example shows how to create Cisco TrustSec credentials:
Switch# cts credentials id trustsec password mypassword
CTS device ID and password have been inserted in the local keystore. Please make
sure that the same ID and password are configured in the server database.
Switch# show cts credentials
CTS password is defined in keystore, device-id = trustsecchange-password Initiate
password change with AAA server
Note Before you configure Cisco TrustSec MACsec authentication, you should configure Cisco TrustSec seed
and non-seed devices. For 802.1X mode, you must configure at least one seed device, that device closest
to the access control system (ACS). See this section in the Cisco TrustSec Switch Configuration Guide:
http://www.cisco.com/en/US/docs/switches/lan/trustsec/configuration/guide/trustsec.html
Configuring Cisco TrustSec Switch-to-Switch Link Security in 802.1X Mode
You enable Cisco TrustSec link layer switch-to-switch security on an interface that connects to another
Cisco TrustSec device. When configuring Cisco TrustSec in 802.1X mode on an interface, follow these
guidelines:
• To use 802.1X mode, you must globally enable 802.1X on each device.
• If you select GCM as the SAP operating mode, you must have a MACsec encryption software
license from Cisco.
Note MACsec is supported on the Catalyst 4500 series switch universal k9 image. It is not supported
with the NPE license or with a LAN Base service image.
If you select GCM without the required license, the interface is forced to a link-down state.
To configure Cisco TrustSec switch-to-switch link layer security with 802.1X, perform this task:
Command Purpose
Step 1
configure terminal
Enters global configuration mode.
Step 2
interface interface-id
Enters interface configuration mode.
Step 3
cts dot1x
Configures the interface to perform NDAC authentication.

Table of Contents

Other manuals for Cisco Catalyst 4500 Series

Preview: Manual
Manual19 pages
Preview: Command Reference Guide
Command Reference Guide1230 pages
Preview: System Message Guide
System Message Guide150 pages
Preview: Configuration Guide
Configuration Guide1610 pages
Preview: Software Configuration Guide
Software Configuration Guide2086 pages
Preview: Message Guide
Message Guide146 pages
Preview: Installation Guide
Installation Guide194 pages
Preview: Datasheet
Datasheet11 pages
Preview: Overview
Overview46 pages
Preview: Quick Reference Guide
Quick Reference Guide59 pages

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the Cisco Catalyst 4500 Series and is the answer not in the manual?

Cisco Catalyst 4500 Series Specifications

General IconGeneral
SeriesCatalyst 4500 Series
CategorySwitch
Layer SupportLayer 2, Layer 3
Form FactorModular chassis
StackableNo
Chassis Slots3, 6, 7, 10
Power Supply OptionsAC, DC
RedundancyPower supply, Supervisor engine
Network ManagementCisco IOS Software CLI, SNMP, Cisco Prime Infrastructure
FeaturesSecurity, QoS
Port DensityUp to 384 ports per chassis
Security Features802.1X, ACLs, DHCP Snooping, Dynamic ARP Inspection, IP Source Guard
Supervisor Engine8-E

Related product manuals