Cisco TrustSec Configuration Guide
OL-22192-02
Chapter 3 Configuring Identities, Connections, and SGTs
Enabling Cisco TrustSec Authentication and MACsec in 802.1X Mode on an Uplink Port
You must enable Cisco TrustSec authentication on each interface that will connect to another Cisco
TrustSec device. To configure Cisco TrustSec authentication with 802.1X on an uplink interface to
another Cisco TrustSec device, perform this task:
Detailed Steps for Catalyst 6500
Step 1
Command: Router# configure terminal
Purpose: Enters global configuration mode.

Step 2
Command: Router(config)# interface type slot/port
Purpose: Enters interface configuration mode for the uplink interface.

Step 3
Command: Router(config-if)# cts dot1x
Purpose: Configures the uplink interface to perform NDAC authentication.

Step 4
Command: Router(config-if-cts-dot1x)# [no] sap mode-list mode1 [mode2 [mode3 [mode4]]]
Purpose: (Optional) Configures 802.1AE MACsec with the SAP operation mode on the interface. The interface will negotiate with the peer for a mutually-acceptable mode. List the acceptable modes in your order of preference. Choices for mode are:
• gcm— Authentication and encryption
• gmac— Authentication, no encryption
• no-encap— No encapsulation
• null— Encapsulation, no authentication, no encryption
Note: MACsec with SAP is not supported on the Catalyst 3K switches.
Note: If the interface is not capable of SGT insertion or data link encryption, no-encap is the default and the only available SAP operating mode.

Step 5
Command: Router(config-if-cts-dot1x)# [no] timer reauthentication seconds
Purpose: (Optional) Configures a reauthentication period to be used if the authentication server does not specify a period. If no reauthentication period is specified, the default period is 86400 seconds.

Step 6
Command: Router(config-if-cts-dot1x)# [no] propagate sgt
Purpose: (Optional) The no form of this command is used when the peer is incapable of processing an SGT. The no propagate sgt command prevents the interface from transmitting the SGT to the peer.

Step 7
Command: Router(config-if-cts-dot1x)# exit
Purpose: Exits Cisco TrustSec 802.1X interface configuration mode.

Step 8
Command: Router(config-if)# shutdown
Purpose: Disables the interface.
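
Because the interface negotiates any mode in the SAP mode list (Step 4), every listed mode other than gcm is a possible unencrypted outcome for the link. The following Python check is an added example, not part of the Cisco guide: it reads a saved configuration and reports, for each interface with cts dot1x, the non-gcm modes a peer could negotiate and whether SGT propagation is off. The sample configuration, its interface names and its indentation layout are constructed assumptions; the mode keywords are the ones listed in Step 4.

```python
import re

MODES = {  # SAP modes as listed in Step 4 of the page; only gcm encrypts
    "gcm": "authentication and encryption",
    "gmac": "authentication, no encryption",
    "no-encap": "no encapsulation",
    "null": "encapsulation, no authentication, no encryption",
}

# Constructed sample; interface names and layout are assumptions.
SAMPLE_CONFIG = """\
interface TenGigabitEthernet1/1
 cts dot1x
  sap mode-list gcm
!
interface TenGigabitEthernet1/2
 cts dot1x
  sap mode-list gmac gcm null
  no propagate sgt
!
interface TenGigabitEthernet1/3
 cts dot1x
!
interface GigabitEthernet2/1
"""

def audit(config):
    """Return {interface: [findings]} for interfaces running cts dot1x."""
    report = {}
    for block in re.split(r"^(?=interface )", config, flags=re.M):
        lines = [l.strip() for l in block.splitlines()]
        if "cts dot1x" not in lines:
            continue
        findings = report.setdefault(lines[0].split(None, 1)[1], [])
        sap = [l.split()[2:] for l in lines if l.startswith("sap mode-list ")]
        if not sap:
            findings.append("no sap mode-list configured")
        for modes in sap:
            if modes[0] != "gcm":
                findings.append("preferred mode is %s, not gcm" % modes[0])
            findings.extend(
                "peer may negotiate %s (%s)" % (m, MODES.get(m, "unrecognized mode"))
                for m in modes if m != "gcm")
        if "no propagate sgt" in lines:
            findings.append("SGT is not transmitted to the peer")
    return report

if __name__ == "__main__":
    for name, findings in audit(SAMPLE_CONFIG).items():
        print(name, findings or ["gcm only"])
```

An empty findings list means the interface offers gcm only, so the link either comes up with authentication and encryption or fails negotiation.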