3-10
Cisco TrustSec Configuration Guide
OL-22192-02
Chapter 3 Configuring Identities, Connections, and SGTs
Verifying the Cisco TrustSec Interface Configuration
Peer identity: "sanjose"
Peer's advertised capabilities: ""
802.1X role: Supplicant
Reauth period applied to link: Not applicable to Supplicant role
Authorization Status: SUCCEEDED
Peer SGT: 11
Peer SGT assignment: Trusted
SAP Status: NOT APPLICABLE
Configured pairwise ciphers:
gcm-encrypt
null
Replay protection: enabled
Replay protection mode: OUT-OF-ORDER
Selected cipher:
Cache Info:
Expiration : 23:32:40 PDT Jun 22 2009
Cache applied to link : NONE
Expiration : 23:32:40 PDT Jun 22 2009
Statistics:
authc success: 1
authc reject: 0
authc failure: 0
authc no response: 0
authc logoff: 0
sap success: 0
sap fail: 0
authz success: 1
authz fail: 0
port auth fail: 0
Dot1x Info for GigabitEthernet3/1
-----------------------------------
PAE = SUPPLICANT
StartPeriod = 30
AuthPeriod = 30
HeldPeriod = 60
MaxStart = 3
Credentials profile = CTS-ID-profile
EAP profile = CTS-EAP-profile
Dot1x Info for GigabitEthernet3/1
-----------------------------------
PAE = AUTHENTICATOR
PortControl = FORCE_AUTHORIZED
ControlDirection = Both
HostMode = SINGLE_HOST
QuietPeriod = 60
ServerTimeout = 0
SuppTimeout = 55
ReAuthMax = 2
MaxReq = 2
TxPeriod = 30
Example: Cisco 3850 TrustSec interface query:
Edison24U> show cts interface gig 1/0/6
Global Dot1x feature is Disabled
Interface GigabitEthernet1/0/6:
CTS is enabled, mode: MANUAL
IFC state: INIT
Authentication Status: NOT APPLICABLE