Configuring Cisco TrustSec MACsec - Cisco Catalyst 4500 Series Configuration Manual

Release IOS XE 3.3.0SG and IOS 15.1(1)SG

Configuring Cisco TrustSec MACsec

Note: MACsec is supported on the Catalyst 4500 series switch universal k9 image. It is not supported with the NPE license or with a LAN Base service image.
The following topics are discussed:
- Configuring Cisco TrustSec Credentials on the Switch
- Configuring Cisco TrustSec Switch-to-Switch Link Security in 802.1X Mode
- Configuring Cisco TrustSec Switch-to-Switch Link Security in Manual Mode
- Cisco TrustSec Switch-to-Switch Link Security Configuration Example

Note: The sample configuration in the last section shows the AAA and the RADIUS configuration. Use this example to configure RADIUS and AAA before configuring switch-to-switch security.

Configuring Cisco TrustSec Credentials on the Switch

To enable Cisco TrustSec features, you must create Cisco TrustSec credentials on the switch to use in other TrustSec configurations.

To configure Cisco TrustSec credentials, perform this task:

Step 1
Command: cts credentials id device-id password cts-password
Purpose: Specifies the Cisco TrustSec credentials for this switch to use when authenticating with other Cisco TrustSec devices with EAP-FAST.
  id device-id—Specifies a Cisco TrustSec device ID for the switch. The device-id argument has a maximum length of 32 characters and is case sensitive.
  password cts-password—Specifies the Cisco TrustSec password for the device.

Step 2
Command: show cts credentials
Purpose: (Optional) Displays Cisco TrustSec credentials configured on the switch.

Step 3
Command: copy running-config startup-config
Purpose: (Optional) Saves your entries in the configuration file.

To delete the Cisco TrustSec credentials, enter the clear cts credentials privileged EXEC command.

This example shows how to create Cisco TrustSec credentials:

Switch# cts credentials id trustsec password mypassword
CTS device ID and password have been inserted in the local keystore. Please make
sure that the same ID and password are configured in the server database.
Switch# show cts credentials
CTS password is defined in keystore, device-id = trustsec
change-password  Initiate password change with AAA server

Software Configuration Guide—Release IOS XE 3.3.0SG and IOS 15.1(1)SG, Chapter 43, Configuring MACsec Encryption, OL-25340-01
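The switch asks you to make sure the same ID and password are configured in the server database, and the device-id is case sensitive with a 32-character limit. The following check is an added example, not part of the Cisco guide: it parses captured `show cts credentials` output and compares each switch's device-id with the AAA server record. The hostnames, the inventory dictionary and all function names are assumptions made for illustration.

```python
import re

# Line format taken from the `show cts credentials` example on this page.
CRED_LINE = re.compile(
    r"^CTS password is defined in keystore, device-id = (?P<device_id>\S+)\s*$",
    re.MULTILINE,
)
MAX_DEVICE_ID_LEN = 32  # maximum device-id length stated in the command description

def parse_device_id(show_output):
    """Return the device-id reported by `show cts credentials`, or None."""
    match = CRED_LINE.search(show_output)
    return match.group("device_id") if match else None

def audit_switch(show_output, expected_id):
    """Compare one switch's keystore device-id with the AAA server record."""
    findings = []
    if len(expected_id) > MAX_DEVICE_ID_LEN:
        findings.append("server-side ID exceeds 32 characters")
    actual = parse_device_id(show_output)
    if actual is None:
        findings.append("no CTS credentials in keystore")
    elif actual != expected_id:
        # The device-id is case sensitive, so only an exact match passes.
        kind = "case mismatch" if actual.lower() == expected_id.lower() else "ID mismatch"
        findings.append(f"{kind}: switch={actual!r} server={expected_id!r}")
    return findings

def audit_fleet(captures, aaa_inventory):
    """Map hostname -> findings for every switch listed in the AAA inventory."""
    return {
        host: audit_switch(captures.get(host, ""), expected)
        for host, expected in aaa_inventory.items()
    }

# Constructed sample data: hostnames, IDs and captures are illustrative only.
SAMPLE_CAPTURES = {
    "sw-core-1": "CTS password is defined in keystore, device-id = trustsec\n",
    "sw-dist-2": "CTS password is defined in keystore, device-id = TrustSec-Dist2\r\n",
    "sw-acc-3": "",  # empty capture: no credentials line was returned
}
SAMPLE_AAA = {"sw-core-1": "trustsec", "sw-dist-2": "trustsec-dist2", "sw-acc-3": "trustsec-acc3"}

if __name__ == "__main__":
    for host, findings in audit_fleet(SAMPLE_CAPTURES, SAMPLE_AAA).items():
        print(host, "OK" if not findings else "; ".join(findings))
```

The check covers only the device-id; the password is never displayed by the switch, so a password mismatch shows up only as a failed authentication on the AAA server.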
