PKI applications ··················································································································································· 386

Recommended configuration procedures ·················································································································· 386

Recommended configuration procedure for manual request ·········································································· 386

Recommended configuration procedure for automatic request ······································································ 388

Creating a PKI entity ···················································································································································· 388

Creating a PKI domain ················································································································································ 390

Generating an RSA key pair······································································································································· 393

Destroying the RSA key pair ······································································································································· 394

Retrieving and displaying a certificate ······················································································································ 394

Requesting a local certificate ······································································································································ 396

Retrieving and displaying a CRL ································································································································ 398

PKI configuration example ·········································································································································· 399

Configuration guidelines ············································································································································· 403

Configuring MAC authentication ··························································································································· 404

Overview ······································································································································································· 404

User account policies ·········································································································································· 404

Authentication methods······································································································································· 404

MAC authentication timers ································································································································· 405

Using MAC authentication with other features ········································································································· 405

VLAN assignment ················································································································································ 405

ACL assignment ··················································································································································· 405

Auth-Fail VLAN ···················································································································································· 405

Configuration prerequisites ········································································································································· 406

Recommended configuration procedure···················································································································· 406

Configuring MAC authentication globally ················································································································ 406

Configuring MAC authentication on a port ····································································································· 408

MAC authentication configuration examples ············································································································ 408

Local MAC authentication configuration example··························································································· 408

ACL assignment configuration example············································································································ 411

Configuring port security ········································································································································ 421

Port security features ··········································································································································· 421

Port security modes ············································································································································· 421

Configuring global settings for port security ············································································································· 424

Configuring basic port security control ······················································································································ 425

Configuring secure MAC addresses ·························································································································· 427

Configuring advanced port security control ·············································································································· 428

Configuring permitted OUIs ········································································································································ 429

Port security configuration examples ························································································································· 430

Basic port security mode configuration example ····························································································· 430

Advanced port security mode configuration example ···················································································· 433

Configuring port isolation ······································································································································· 440

Configuring the isolation group ·································································································································· 440

Port isolation configuration example·························································································································· 441

Configuring authorized IP ······································································································································ 443

Configuration procedure ············································································································································· 443

Authorized IP configuration example ························································································································· 444

Network requirements ········································································································································· 444

Downloaded from

www.Manualslib.com

manuals search engine

Table of Contents