3-9
Cisco TrustSec Configuration Guide
OL-22192-02
Chapter 3 Configuring Identities, Connections, and SGTs
Regenerating SAP Key on an Interface
Router(config-if)# shutdown
Router(config-if)# no shutdown
Router(config-if)# end
Catalyst 3850 TrustSec interface configuration in manual mode:
Switch# configure terminal
Switch(config)# interface gig 1/0/5
Switch(config-if)# cts manual
Switch(config-if-cts-manual)# policy dynamic identity my_cisco_ise_id
Switch(config-if-cts-manual)# exit
Switch(config-if)# shutdown
Switch(config-if)# no shutdown
Router(config-if)# end
Regenerating SAP Key on an Interface
The ability to manually refresh encryption keys is often part of network administration security
requirements. SAP key refresh ordinarily occurs automatically, triggered by combinations of network
events and non-configurable internal timers.
Detailed Steps for Catalyst 6500, Catalyst 3850/3650
Verifying the Cisco TrustSec Interface Configuration
To view the TrustSec-relate interface configuration, perform this task:
Detailed Steps for Catalyst 6500
Example: Show Cisco 6500 TrustSec interface configuration:
Router# show cts interface interface gi3/3
Global Dot1x feature is Enabled
Interface GigabitEthernet3/3:
CTS is enabled, mode: DOT1X
IFC state: OPEN
Authentication Status: SUCCEEDED
Command Purpose
Step 1
cts rekey interface interface_type
slot/port
Example:
c6500switch# cts rekey int gig 1/1
Forces renegotiation of SAP keys on MACsec link.
Command Purpose
Step 1
show cts interface [interface_type
slot/port | brief | summary]
Example:
c6500switch# show cts interface brief
Displays TrustSec-related interface configuration.
To Next Page
Loading...
