Catalyst 4500 Series Switch, Cisco IOS Software Configuration Guide - Cisco IOS XE 3.9.xE and IOS 15.2(5)Ex
Chapter 48 Configuring MACsec Encryption
Configuring Cisco TrustSec MACsec
Switch(config)# radius server ACS-2
Switch(config-radius-server)# address ipv4 10.5.120.14 auth-port 1812 acct-port 1813
Switch(config-radius-server)# pac key cisco123
Switch(config-radius-server)# exit
Switch(config)# radius server ACS-3
Switch(config-radius-server)# address ipv4 10.5.120.15 auth-port 1812 acct-port 1813
Switch(config-radius-server)# pac key cisco123
Switch(config-radius-server)# exit
Switch(config)# aaa group server radius cts-radius
Switch(config-sg-radius)# server name ACS-1
Switch(config-sg-radius)# server name ACS-2
Switch(config-sg-radius)# server name ACS-3
Switch(config-sg-radius)# exit
Switch(config)# aaa authentication login default none
Switch(config)# aaa authentication dot1x default group cts-radius
Switch(config)# aaa authorization network cts-radius group radius
Switch(config)# aaa session-id common
Switch(config)# cts authorization list cts-radius
Switch(config)# dot1x system-auth-control
Switch(config)# interface gi1/1/2
Switch(config-if)# switchport trunk encapsulation dot1q
Switch(config-if)# switchport mode trunk
Switch(config-if)# cts dot1x
Switch(config-if-cts-dot1x)# sap mode-list gcm-encrypt gmac
Switch(config-if-cts-dot1x)# exit
Switch(config-if)# exit
Switch(config)# interface gi1/1/4
Switch(config-if)# switchport trunk encapsulation dot1q
Switch(config-if)# switchport mode trunk
Switch(config-if)# cts manual
Switch(config-if-cts-manual)# sap pmk 033445AABBCCDDEEFF mode-list gcm-encrypt gmac
Switch(config-if-cts-manual)# no propagate sgt
Switch(config-if-cts-manual)# exit
Switch(config-if)# exit
Switch(config)# radius-server vsa send authentication
Switch(config)# end
Switch# cts credentials id cts-36 password trustsec123
Non-Seed Device:
Switch(config)# aaa new-model
Switch(config)# aaa session-id common
Switch(config)# dot1x system-auth-control
Switch(config)# interface gi1/1/2
Switch(config-if)# switchport trunk encapsulation dot1q
Switch(config-if)# switchport mode trunk
Switch(config-if)# shutdown
Switch(config-if)# cts dot1x
Switch(config-if-cts-dot1x)# sap mode-list gcm-encrypt gmac
Switch(config-if-cts-dot1x)# exit
Switch(config-if)# exit
Switch(config)# interface gi1/1/4
Switch(config-if)# switchport trunk encapsulation dot1q
Switch(config-if)# switchport mode trunk
Switch(config-if)# shutdown
Switch(config-if)# cts manual
Switch(config-if-cts-manual)# sap pmk 033445AABBCCDDEEFF mode-list gcm-encrypt gmac
Switch(config-if-cts-manual)# no propagate sgt
Switch(config-if-cts-manual)# exit
Switch(config-if)# exit
Switch(config)# radius-server vsa send authentication
Switch(config)# end
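
The following audit check is an added example, not part of the Cisco guide. It scans a configuration in the style shown above and flags three settings worth reviewing: aaa authentication login default none, a sap pmk key stored in the configuration, and any sap mode-list entry other than gcm-encrypt (gmac authenticates frames without encrypting them). The function name, the finding labels and the gi1/1/5 interface in the sample are assumptions made for this example.

```python
import re

# Constructed sample input in the style of the configuration above.
# gi1/1/5 is a hypothetical interface added to show a clean result.
SAMPLE = """\
aaa authentication login default none
interface gi1/1/2
 cts dot1x
  sap mode-list gcm-encrypt gmac
interface gi1/1/4
 cts manual
  sap pmk 033445AABBCCDDEEFF mode-list gcm-encrypt gmac
  no propagate sgt
interface gi1/1/5
 cts dot1x
  sap mode-list gcm-encrypt
"""

# Strips a leading CLI prompt such as "Switch(config-if)# " from pasted sessions.
PROMPT = re.compile(r"^\S+#\s*")


def audit(text):
    """Return (scope, finding) tuples for a MACsec/SAP configuration."""
    findings, iface = [], "global"
    for raw in text.splitlines():
        words = PROMPT.sub("", raw.strip()).split()
        if not words:
            continue
        if words[0] == "interface" and len(words) > 1:
            iface = words[1]                      # track the current interface
        elif words == ["aaa", "authentication", "login", "default", "none"]:
            findings.append(("global", "login-auth-disabled"))
        elif words[0] == "sap":
            if "pmk" in words:                    # static key readable in the config
                findings.append((iface, "static-pmk-in-config"))
            if "mode-list" in words:
                modes = words[words.index("mode-list") + 1:]
                # Every SAP mode except gcm-encrypt leaves the payload unencrypted.
                for mode in modes:
                    if mode != "gcm-encrypt":
                        findings.append((iface, "unencrypted-mode:" + mode))
    return findings


if __name__ == "__main__":
    for scope, finding in audit(SAMPLE):
        print(scope, finding)
```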