3-23
Cisco TrustSec Configuration Guide
OL-22192-02
Chapter 3 Configuring Identities, Connections, and SGTs
Configuring Additional Authentication Server-Related Parameters
6. LOCAL—Bindings of authenticated hosts which are learned via EPM and device tracking. This type
of binding also include individual hosts that are learned via ARP snooping on L2 [I]PM configured
ports.
7. INTERNAL—Bindings between locally configured IP addresses and the device own SGT.
Configuring Additional Authentication Server-Related
Parameters
To configure the interaction between a switch and the Cisco TrustSec server, perform one or more of
these tasks:
Detailed Steps for Catalyst 6500
This example shows how to configure server settings and how to display the Cisco TrustSec server list:
Router# configure terminal
Router(config)# cts server load-balance method least-outstanding batch-size 50
ignore-preferred-server
Router(config)# cts server test all deadtime 20
Router(config)# cts server test all enable
Router(config)# cts server test 10.15.20.102 idle-time 120
Router(config)# exit
Router# show cts server-list
CTS Server Radius Load Balance = ENABLED
Method = least-outstanding
Command Purpose
Step 1
Router# configure terminal
Enters global configuration mode.
Step 2
Router(config)# [no] cts server deadtime
seconds
(Optional) Specifies how long a server in the group
should not be selected for service once it has been
marked as dead. The default is 20 seconds; the range
is 1 to 864000.
Step 3
Router(config)# [no] cts server
load-balance method least-outstanding
[batch-size transactions]
[ignore-preferred-server]
(Optional) Enables RADIUS load balancing for the
Cisco TrustSec private server group and chooses the
server with the least outstanding transactions. By
default, no load balancing is applied. The default
transactions is 25.
The ignore-preferred-server keyword instructs the
switch not to try to use the same server throughout a
session.
Step 4
Router(config)# [no] cts server test
{server-IP-address | all} {deadtime
seconds | enable | idle-time seconds}
(Optional) Configures the server-liveliness test for a
specified server or for all servers on the dynamic
server list. By default, the test is enabled for all
servers. The default idle-time is 60 seconds; the range
is from 1 to 14400.
Step 5
Router(config)# exit
Exits configuration mode.
Step 6
Router# show cts server-list
Displays status and configuration details of a list of
Cisco TrustSec servers.
To Next Page
Loading...
Need help?
General