Cisco Catalyst 3560-X Software Configuration Manual page 378

Chapter 1
Configuring MACsec Encryption
Configuring Cisco TrustSec MACsec
Cisco TrustSec Switch-to-Switch Link Security Configuration Example
This example shows the configuration necessary for a seed device and a non-seed device for Cisco TrustSec
switch-to-switch security. You must configure AAA and RADIUS for link security. In this example,
ACS-1 through ACS-3 can be any server names, and cts-radius is the Cisco TrustSec server.
Seed Device Configuration:
Switch(config)# aaa new-model
Switch(config)# radius server ACS-1 address ipv4 10.5.120.12 auth-port 1812 acct-port 1813 pac key cisco123
Switch(config)# radius server ACS-2 address ipv4 10.5.120.14 auth-port 1812 acct-port 1813 pac key cisco123
Switch(config)# radius server ACS-3 address ipv4 10.5.120.15 auth-port 1812 acct-port 1813 pac key cisco123
Switch(config)# aaa group server radius cts-radius
Switch(config-sg-radius)# server name ACS-1
Switch(config-sg-radius)# server name ACS-2
Switch(config-sg-radius)# server name ACS-3
Switch(config-sg-radius)# exit
Switch(config)# aaa authentication login default none
Switch(config)# aaa authentication dot1x default group cts-radius
Switch(config)# aaa authorization network cts-radius group radius
Switch(config)# aaa session-id common
Switch(config)# cts authorization list cts-radius
Switch(config)# dot1x system-auth-control
Switch(config)# interface gi1/1/2
Switch(config-if)# switchport trunk encapsulation dot1q
Switch(config-if)# switchport mode trunk
Switch(config-if)# cts dot1x
Switch(config-if-cts-dot1x)# sap mode-list gcm-encrypt gmac
Switch(config-if-cts-dot1x)# exit
Switch(config-if)# exit
Switch(config)# interface gi1/1/4
Switch(config-if)# switchport trunk encapsulation dot1q
Switch(config-if)# switchport mode trunk
Switch(config-if)# cts manual
Switch(config-if-cts-manual)# sap pmk 033445AABBCCDDEEFF mode-list gcm-encrypt gmac
Switch(config-if-cts-manual)# no propagate sgt
Switch(config-if-cts-manual)# exit
Switch(config-if)# exit
Switch(config)# radius-server vsa send authentication
Switch(config)# end
Switch# cts credentials id cts-36 password trustsec123
Non-Seed Device:
Switch(config)# aaa new-model
Switch(config)# aaa session-id common
Switch(config)# dot1x system-auth-control
Switch(config)# interface gi1/1/2
Switch(config-if)# switchport trunk encapsulation dot1q
Switch(config-if)# switchport mode trunk
Switch(config-if)# shutdown
Switch(config-if)# cts dot1x
Switch(config-if-cts-dot1x)# sap mode-list gcm-encrypt gmac
Switch(config-if-cts-dot1x)# exit
Switch(config-if)# exit
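
An added example (not part of the Cisco manual): a Python check that reads interface stanzas like the ones configured above and reports links whose SAP mode-list also permits a non-encrypting mode such as gmac (integrity only, no encryption), or that embed a static PMK. The sample configuration is constructed from this page's commands; the name audit_sap and the running-config layout are assumptions.

```python
import re

# SAP modes that do not encrypt the link: gmac authenticates only,
# null and no-encap provide no protection at all.
NON_ENCRYPTING = {"gmac", "null", "no-encap"}
SAP_RE = re.compile(r"sap (?:pmk (\S+) )?mode-list (.+)$")

# Constructed sample: interface stanzas as they might appear in a
# running-config after the seed-device commands (layout is assumed).
SAMPLE = """\
interface GigabitEthernet1/1/2
 switchport mode trunk
 cts dot1x
  sap mode-list gcm-encrypt gmac
!
interface GigabitEthernet1/1/4
 switchport mode trunk
 cts manual
  sap pmk 033445AABBCCDDEEFF mode-list gcm-encrypt gmac
  no propagate sgt
!
"""

def audit_sap(config):
    """Return {interface: [findings]} for every interface with a sap line."""
    report, iface, cts = {}, None, None
    for raw in config.splitlines():
        line = raw.strip()
        if raw.startswith("interface "):
            iface, cts = line.split(None, 1)[1], None
        elif line in ("cts dot1x", "cts manual"):
            cts = line.split()[1]
        elif iface and (m := SAP_RE.match(line)):
            modes, findings = m.group(2).split(), []
            weak = [x for x in modes if x in NON_ENCRYPTING]
            if weak:
                findings.append("may negotiate without encryption: " + ", ".join(weak))
            if "gcm-encrypt" not in modes:
                findings.append("gcm-encrypt not offered")
            if m.group(1):  # key material is present in the saved configuration
                findings.append("static PMK stored in config (cts %s)" % cts)
            report[iface] = findings
    return report

if __name__ == "__main__":
    for name, findings in audit_sap(SAMPLE).items():
        print(name, findings or ["ok"])
```

An interface that lists only gcm-encrypt returns an empty findings list.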
Catalyst 3750-X and 3560-X Switch Software Configuration Guide
1-14
OL-25303-03
