Configuring MACsec ··················································································· 476
Overview ························································································································································ 476
Basic concepts ······································································································································· 476
MACsec services ··································································································································· 476
MACsec applications ······························································································································ 477
MACsec operating mechanism ·············································································································· 477
Protocols and standards ························································································································ 479
MACsec configuration task list ······················································································································· 480
Enabling MKA ················································································································································ 480
Enabling MACsec desire ································································································································ 480
Configuring a preshared key ·························································································································· 481
Configuring an MKA policy ····················································································································· 483
Applying an MKA policy ························································································································· 484
MACsec configuration examples ··················································································································· 485
Troubleshooting MACsec ······························································································································· 494
Overview ························································································································································ 500
Web authentication types ······················································································································· 500
Web authentication system ···················································································································· 500
Web authentication process ··················································································································· 501
Web authentication task list ··························································································································· 502
Configuration prerequisites ···························································································································· 502
Enabling Web authentication ························································································································· 503
Configuring an Auth-Fail VLAN ······················································································································ 506
xi