EasyManuals Logo
Home>Cisco>Switch>TrustSec

Cisco TrustSec User Manual

Cisco TrustSec
208 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #38 background imageLoading...
Page #38 background image
3-2
Cisco TrustSec Configuration Guide
OL-22192-02
Chapter 3 Configuring Identities, Connections, and SGTs
Configuring Credentials and AAA for a Cisco TrustSec Seed Device
Configuring Credentials and AAA for a Cisco TrustSec Seed
Device
A Cisco TrustSec-capable device that is directly connected to the authentication server, or indirectly
connected but is the first device to begin the TrustSec domain, is called the seed device. Other Cisco
TrustSec network devices are non-seed devices.
To enable NDAC and AAA on the seed switch so that it can begin the Cisco TrustSec domain, perform
these steps:
Detailed Steps for Catalyst 6500, Catalyst 3K
Command Purpose
Step 1
Router# cts credentials id device-id
password password
Specifies the Cisco TrustSec device ID and password
for this switch to use when authenticating with other
Cisco TrustSec devices with EAP-FAST. The
device-id argument has a maximum length of 32
characters and is case sensitive.
Step 2
Router# configure terminal
Enters global configuration mode.
Step 3
Router(config)# aaa new-model
Enables AAA.
Step 4
Router(config)# aaa authentication dot1x
default group radius
Specifies the 802.1X port-based authentication
method as RADIUS.
Step 5
Router(config)# aaa authorization
network mlist group radius
Configures the switch to use RADIUS authorization
for all network-related service requests.
mlist—The Cisco TrustSec AAA server group.
Step 6
Router(config)# cts authorization list
mlist
Specifies a Cisco TrustSec AAA server group.
Non-seed devices will obtain the server list from the
authenticator.
Step 7
Router(config)# aaa accounting dot1x
default start-stop group radius
Enables 802.1X accounting using RADIUS.
Step 8
Router(config)# radius-server host
ip-addr auth-port 1812 acct-port 1813
pac key secret
Specifies the RADIUS authentication server host
address, service ports, and encryption key.
ip-addr—The IP address of the authentication
server.
secret—The encryption key shared with the
authentication server.
Step 9
Router(config)# radius-server vsa send
authentication
Configures the switch to recognize and use
vendor-specific attributes (VSAs) in RADIUS
Access-Requests generated by the switch during the
authentication phase.
Step 10
Router(config)# dot1x
system-auth-control
Globally enables 802.1X port-based authentication.
Step 11
Router(config)# exit
Exits configuration mode.

Table of Contents

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the Cisco TrustSec and is the answer not in the manual?

Cisco TrustSec Specifications

General IconGeneral
BrandCisco
ModelTrustSec
CategorySwitch
LanguageEnglish

Related product manuals