Table of Contents
Advertisement
Chapter 7
Cisco TrustSec Command Summary
Use the timer reauthentication command to configure the reauthentication period to be applied to the
CTS link in case the period is not available from the Cisco Secure ACS. The default reauthentication
period is 86,400 seconds.
Note
Because TrustSec NDAC and SAP are supported only on a switch-to-switch link, dot1x must be
configured in multi-hosts mode. The authenticator PAE starts only when dot1x system-auth-control is
enabled globally.
Examples
The following example specifies that SAP is to negotiate the use of CTS encapsulation with GCM cipher,
or null-cipher as a second choice, but can accept no CTS encapsulation if the peer does not support CTS
encapsulation in hardware.
Router(config-if-cts-dot1x)# sap modelist gcm-encrypt
Related Commands
Command
propagate (cts dot1x
submode)
sap (cts dot1x interface
submode)
timer (cts do1x interface
submode)
OL-22192-01
Description
Enables/disables SGT propagation in dot1x mode.
Configures CTS SAP for dot1x mode.
Configures the CTS timer.
sap (cts dot1x interface submode)
null
no-encap
Cisco TrustSec Configuration Guide
7-71
Hide quick links:
Advertisement
Table of Contents
