Applying the 802.1X and MKA MACsec Configuration on Interfaces - Cisco Catalyst 4500 Series Software Configuration Manual

Cisco IOS XE Release 3.9.xE and Cisco IOS Release 15.2(5)Ex

Chapter 48
Configuring MACsec Encryption
| Step | Command | Purpose |
|---|---|---|
| Step 8 | priority-number class always do-until-failure | Associates a priority with an action in the control policy. |
| Step 9 | action-number terminate dot1x | Terminates the authentication of a subscriber session using the IEEE 802.1x method. |
| Step 10 | action-number authentication-restart seconds | Sets a timer to restart the authentication process after an authentication or authorization failure. |
| Step 11 | exit | Exits control policy-map event configuration mode and returns to global configuration mode. |
| Step 12 | copy running-config startup-config | (Optional) Saves your entries in the configuration file. |

Applying the 802.1x and MKA MACsec Configuration on Interfaces

To apply 802.1x and MKA MACsec using EAP-TLS to interfaces, perform the following task:

| Step | Command | Purpose |
|---|---|---|
| Step 1 | configure terminal | Enters global configuration mode. |
| Step 2 | interface interface-id | Identifies the MACsec interface, and enters interface configuration mode. The interface must be a physical interface. |
| Step 3 | macsec network-link | Enables MKA MACsec using EAP-TLS on the interface. |
| Step 4 | authentication periodic | Enables reauthentication for this port. |
| Step 5 | authentication timer reauthenticate interval | Sets the reauthentication interval. |
| Step 6 | access-session host-mode multi-host | Allows hosts to gain access to the interface. |
| Step 7 | access-session closed | Prevents preauthentication access on the interface. |
| Step 8 | access-session port-control auto | Sets the authorization state of a port. |
| Step 9 | dot1x pae both | Configures the port as an 802.1X port access entity (PAE) supplicant and authenticator. |
| Step 10 | dot1x credentials profile | Assigns an 802.1x credentials profile to the interface. |
| Step 11 | dot1x supplicant eap profile name | Assigns the EAP-TLS profile to the interface. |
| Step 12 | service-policy type control subscriber control-policy name | Applies a subscriber control policy to the interface. |
| Step 13 | exit | Returns to privileged EXEC mode. |
| Steps 14-16 | show access-session interface interface-id; show mka session interface interface-id; show macsec interface interface-id | (Optional) Displays the active MKA sessions for the interface, and verifies your MKA MACsec configuration. |
| Step 17 | copy running-config startup-config | (Optional) Saves your entries in the configuration file. |

Example: MKA MACsec Switch-to-Switch Configuration
Switch# configure terminal
Switch(config)# crypto key generate rsa label mkaioscarsa mod 2048
The name for the keys will be: mkaioscarsa
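
An added example, not part of the Cisco guide: a Python check that reads a saved running-config and reports, for every interface carrying macsec network-link, which interface-level commands from steps 3 to 12 of the procedure above are absent (for instance a MACsec port left without access-session closed). The names REQUIRED, interface_stanzas and audit, and the sample config, are constructed for illustration; it assumes each command appears in the running-config as typed in the procedure.

```python
import re

# Interface commands from steps 3-12 of the procedure; arguments (interval,
# profile and policy names) differ per site, so entries match as line prefixes.
# Assumption: the running-config shows each command as it was typed.
REQUIRED = [
    "macsec network-link", "authentication periodic",
    "authentication timer reauthenticate", "access-session host-mode multi-host",
    "access-session closed", "access-session port-control auto",
    "dot1x pae both", "dot1x credentials", "dot1x supplicant eap profile",
    "service-policy type control subscriber",
]

def interface_stanzas(config_text):
    """Split a running-config into {interface name: [sub-command lines]}."""
    stanzas, current = {}, None
    for raw in config_text.splitlines():
        m = re.match(r"interface\s+(\S+)", raw)
        if m:
            current = stanzas.setdefault(m.group(1), [])
        elif raw[:1] in (" ", "\t") and current is not None:
            current.append(" ".join(raw.split()))
        else:
            current = None  # "!" or any top-level line closes the stanza
    return stanzas

def audit(config_text):
    """Return {interface: [missing commands]} for ports with MACsec enabled."""
    findings = {}
    for name, lines in interface_stanzas(config_text).items():
        if "macsec network-link" not in lines:
            continue  # not a port this procedure applies to
        missing = [r for r in REQUIRED
                   if not any(l == r or l.startswith(r + " ") for l in lines)]
        if missing:
            findings[name] = missing
    return findings

# Constructed sample (interface names and values are placeholders).
SAMPLE = """\
interface TenGigabitEthernet1/1
 macsec network-link
 authentication periodic
 access-session port-control auto
!
interface TenGigabitEthernet1/2
 switchport mode access
"""
if __name__ == "__main__":
    print(audit(SAMPLE))
```

A line negated with "no" (such as "no access-session closed") does not satisfy the check, so the command is still reported as missing.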
Catalyst 4500 Series Switch, Cisco IOS Software Configuration Guide - Cisco IOS XE 3.9.xE and IOS 15.2(5)Ex