Configuration Examples for Seed Device; Configuring Credentials and AAA for a Cisco TrustSec Non-Seed Device - Cisco TrustSec Configuration Manual


Chapter 3
Configuring Identities, Connections, and SGTs

Note: You must also configure the Cisco TrustSec credentials for the switch on the Cisco Identity Services Engine (Cisco ISE) or the Cisco Secure Access Control Server (Cisco ACS).

Configuration Examples for Seed Device

Catalyst 6500 configured as a Cisco TrustSec seed device:
Router# cts credentials id Switch1 password Cisco123
Router# configure terminal
Router(config)# aaa new-model
Router(config)# aaa authentication dot1x default group radius
Router(config)# aaa authorization network MLIST group radius
Router(config)# cts authorization list MLIST
Router(config)# aaa accounting dot1x default start-stop group radius
Router(config)# radius-server host 10.20.3.1 auth-port 1812 acct-port 1813 pac key AbCe1234
Router(config)# radius-server vsa send authentication
Router(config)# dot1x system-auth-control
Router(config)# exit
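
Added example, not part of the Cisco guide: a Python check that a saved configuration carries the seed-device AAA commands shown above and that the list named by "cts authorization list" matches an "aaa authorization network" list. The function name audit_seed_config, the prompt-free sample text, and the exact (case-sensitive) comparison of list names are assumptions made for this example.

```python
import re

# Constructed sample: the seed-device commands from the example above, as they
# would appear in a saved configuration (prompts removed).
SEED_CONFIG = """\
aaa new-model
aaa authentication dot1x default group radius
aaa authorization network MLIST group radius
cts authorization list MLIST
aaa accounting dot1x default start-stop group radius
radius-server host 10.20.3.1 auth-port 1812 acct-port 1813 pac key AbCe1234
radius-server vsa send authentication
dot1x system-auth-control
"""

# Fixed lines that the seed-device example carries.
REQUIRED = [
    "aaa new-model",
    "aaa authentication dot1x default group radius",
    "aaa accounting dot1x default start-stop group radius",
    "radius-server vsa send authentication",
    "dot1x system-auth-control",
]

def audit_seed_config(text):
    """Return a list of findings; an empty list means every check passed."""
    lines = [re.sub(r"\s+", " ", l.strip()) for l in text.splitlines() if l.strip()]
    findings = [f"missing: {req}" for req in REQUIRED if req not in lines]
    authz = [m.group(1) for l in lines
             if (m := re.fullmatch(r"aaa authorization network (\S+) group radius", l))]
    cts = [m.group(1) for l in lines
           if (m := re.fullmatch(r"cts authorization list (\S+)", l))]
    if not authz:
        findings.append("missing: aaa authorization network <list> group radius")
    if not cts:
        findings.append("missing: cts authorization list <list>")
    # The list referenced by CTS must be one that AAA defines. Names are
    # compared exactly (assumption: method-list names are case sensitive).
    for name in cts:
        if authz and name not in authz:
            findings.append(f"cts authorization list {name} has no matching aaa list")
    hosts = [l for l in lines if l.startswith("radius-server host ")]
    if not hosts:
        findings.append("missing: radius-server host")
    for h in hosts:
        # The example marks the RADIUS server with 'pac key', not a plain 'key'.
        if not re.search(r" pac key \S+", h):
            findings.append(f"radius-server host without 'pac key': {h.split()[2]}")
    return findings
```
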

Configuring Credentials and AAA for a Cisco TrustSec Non-Seed Device

To enable NDAC and AAA on a non-seed switch so that it can join the Cisco TrustSec domain, perform
these steps:

Detailed Steps for Catalyst 6500

| Step | Command | Purpose |
|------|---------|---------|
| Step 1 | Router# cts credentials id device-id password password | Specifies the Cisco TrustSec device ID and password for this switch to use when authenticating with other Cisco TrustSec devices with EAP-FAST. The device-id argument has a maximum length of 32 characters and is case sensitive. |
| Step 2 | Router# configure terminal | Enters global configuration mode. |
| Step 3 | Router(config)# aaa new-model | Enables AAA. |
| Step 4 | Router(config)# aaa authentication dot1x default group radius | Specifies the 802.1X port-based authentication method as RADIUS. |
| Step 5 | Router(config)# aaa authorization network mlist group radius | Configures the switch to use RADIUS authorization for all network-related service requests. mlist—Specifies a Cisco TrustSec AAA server group. |
| Step 6 | Router(config)# aaa accounting dot1x default start-stop group radius | Enables 802.1X accounting using RADIUS. |

Cisco TrustSec Configuration Guide, OL-22192-02
