7-71
Cisco TrustSec Configuration Guide
OL-22192-01
Chapter 7 Cisco TrustSec Command Summary
sap (cts dot1x interface submode)
Use the timer reauthentication command to configure the reauthentication period to be applied to the
CTS link in case the period is not available from the Cisco Secure ACS. The default reauthentication
period is 86,400 seconds.
Note Because TrustSec NDAC and SAP are supported only on a switch-to-switch link, dot1x must be
configured in multi-hosts mode. The authenticator PAE starts only when dot1x system-auth-control is
enabled globally.
Examples The following example specifies that SAP is to negotiate the use of CTS encapsulation with GCM cipher,
or null-cipher as a second choice, but can accept no CTS encapsulation if the peer does not support CTS
encapsulation in hardware.
Router(config-if-cts-dot1x)# sap modelist gcm-encrypt null no-encap
Related Commands Command Description
propagate (cts dot1x
submode)
Enables/disables SGT propagation in dot1x mode.
sap (cts dot1x interface
submode)
Configures CTS SAP for dot1x mode.
timer (cts do1x interface
submode)
Configures the CTS timer.
To Next Page
Loading...
