Regenerating SAP Key on an Interface; Verifying the Cisco TrustSec Interface Configuration - Cisco TrustSec Configuration Manual

Chapter 3
Configuring Identities, Connections, and SGTs
Router(config-if)# shutdown
Router(config-if)# no shutdown
Router(config-if)# end
Catalyst 3850 TrustSec interface configuration in manual mode:
Switch# configure terminal
Switch(config)# interface gig 1/0/5
Switch(config-if)# cts manual
Switch(config-if-cts-manual)# policy dynamic identity my_cisco_ise_id
Switch(config-if-cts-manual)# exit
Switch(config-if)# shutdown
Switch(config-if)# no shutdown
Switch(config-if)# end

Regenerating SAP Key on an Interface

The ability to manually refresh encryption keys is often part of network administration security
requirements. SAP key refresh ordinarily occurs automatically, triggered by combinations of network
events and non-configurable internal timers.

Detailed Steps for Catalyst 6500, Catalyst 3850/3650

Step 1
Command: cts rekey interface interface_type slot/port
Purpose: Forces renegotiation of SAP keys on MACsec link.
Example:
c6500switch# cts rekey int gig 1/1

Verifying the Cisco TrustSec Interface Configuration

To view the TrustSec-related interface configuration, perform this task:

Detailed Steps for Catalyst 6500

Step 1
Command: show cts interface [interface_type slot/port | brief | summary]
Purpose: Displays TrustSec-related interface configuration.
Example:
c6500switch# show cts interface brief

Example: Show Cisco 6500 TrustSec interface configuration:
Router# show cts interface gi3/3
Global Dot1x feature is Enabled
Interface GigabitEthernet3/3:
    CTS is enabled, mode:    DOT1X
    IFC state:               OPEN
    Authentication Status:   SUCCEEDED
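
The verification step above can be scripted when many links have to be checked. The following is an added example, not part of the Cisco guide: it parses saved show cts interface output and reports every interface whose fields differ from the healthy example. It assumes the output layout shown above; the second interface and its INIT and FAILED values are constructed for the demonstration.

```python
import re

# Constructed sample in the layout of the page's example output. The second
# interface and its field values are made up to exercise the failure path.
SAMPLE = """\
Global Dot1x feature is Enabled
Interface GigabitEthernet3/3:
    CTS is enabled, mode:    DOT1X
    IFC state:               OPEN
    Authentication Status:   SUCCEEDED
Interface GigabitEthernet3/4:
    CTS is enabled, mode:    DOT1X
    IFC state:               INIT
    Authentication Status:   FAILED
"""

# Expected value per field, taken from the healthy example on the page.
EXPECTED = {"IFC state": "OPEN", "Authentication Status": "SUCCEEDED"}

def parse_cts_interfaces(text):
    """Return {interface: {field: value}} from 'show cts interface' text."""
    interfaces, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        header = re.fullmatch(r"Interface (\S+):", line)
        if header:
            current = interfaces.setdefault(header.group(1), {})
        elif current is not None and ":" in line:
            key, _, value = line.partition(":")
            if key.startswith("CTS is "):  # "CTS is enabled, mode: DOT1X"
                current["CTS"] = key[len("CTS is "):].partition(",")[0].strip()
                key = "mode"
            current[key.strip()] = value.strip()
    return interfaces

def audit(text):
    """List (interface, field, observed) for every field that deviates."""
    findings = []
    for name, fields in parse_cts_interfaces(text).items():
        if fields.get("CTS") != "enabled":
            findings.append((name, "CTS", fields.get("CTS")))
        for field, want in EXPECTED.items():
            if fields.get(field) != want:  # a missing field is reported as None
                findings.append((name, field, fields.get(field)))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("NOT OK: %s %s = %r" % finding)
```

A field that is absent from the captured text is reported with the value None, so truncated output is flagged rather than passed.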
Cisco TrustSec Configuration Guide, OL-22192-02