Chapter 3
Configuring Identities, Connections, and SGTs
6. LOCAL—Bindings of authenticated hosts which are learned via EPM and device tracking. This type
   of binding also includes individual hosts that are learned via ARP snooping on L2 [I]PM configured
   ports.
7. INTERNAL—Bindings between locally configured IP addresses and the device's own SGT.

Configuring Additional Authentication Server-Related Parameters

To configure the interaction between a switch and the Cisco TrustSec server, perform one or more of
these tasks:

Detailed Steps for Catalyst 6500

Step 1
Command: Router# configure terminal
Purpose: Enters global configuration mode.

Step 2
Command: Router(config)# [no] cts server deadtime seconds
Purpose: (Optional) Specifies how long a server in the group should not be selected for service
         once it has been marked as dead. The default is 20 seconds; the range is 1 to 864000.

Step 3
Command: Router(config)# [no] cts server load-balance method least-outstanding
         [batch-size transactions] [ignore-preferred-server]
Purpose: (Optional) Enables RADIUS load balancing for the Cisco TrustSec private server group and
         chooses the server with the least outstanding transactions. By default, no load balancing
         is applied. The default batch-size is 25 transactions.
         The ignore-preferred-server keyword instructs the switch not to try to use the same server
         throughout a session.

Step 4
Command: Router(config)# [no] cts server test {server-IP-address | all}
         {deadtime seconds | enable | idle-time seconds}
Purpose: (Optional) Configures the server-liveliness test for a specified server or for all servers
         on the dynamic server list. By default, the test is enabled for all servers. The default
         idle-time is 60 seconds; the range is from 1 to 14400.

Step 5
Command: Router(config)# exit
Purpose: Exits configuration mode.

Step 6
Command: Router# show cts server-list
Purpose: Displays status and configuration details of a list of Cisco TrustSec servers.

This example shows how to configure server settings and how to display the Cisco TrustSec server list:

Router# configure terminal
Router(config)# cts server load-balance method least-outstanding batch-size 50 ignore-preferred-server
Router(config)# cts server test all deadtime 20
Router(config)# cts server test all enable
Router(config)# cts server test 10.15.20.102 idle-time 120
Router(config)# exit
Router# show cts server-list
CTS Server Radius Load Balance = ENABLED
    Method = least-outstanding

OL-22192-02
Cisco TrustSec Configuration Guide
3-23
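A configuration check for the commands in this section, added here as an example and not taken from the guide: it reads `cts server` lines, applies the defaults and ranges stated in the Purpose text, and reports out-of-range values and disabled liveliness tests. The function name, the sample lines, and the choice to track `all` and per-server test settings separately are assumptions; the guide does not say how the switch merges them.

```python
import re

# Ranges and defaults are the ones stated in the Purpose text of this section.
DEADTIME_RANGE, IDLE_RANGE = (1, 864000), (1, 14400)

# Constructed sample: the out-of-range deadtime and 10.15.20.103 are made up.
SAMPLE = """\
Router(config)# cts server deadtime 900000
Router(config)# cts server load-balance method least-outstanding batch-size 50 ignore-preferred-server
Router(config)# cts server test all deadtime 20
Router(config)# cts server test 10.15.20.102 idle-time 120
Router(config)# no cts server test 10.15.20.103 enable
"""

def audit_cts_server(config_text):
    """Return (effective settings, findings) for the 'cts server' lines."""
    eff = {"deadtime": 20, "load_balance": False, "batch_size": 25,
           "ignore_preferred": False, "tests": {}}
    findings = []

    def ranged(name, value, bounds):
        if not bounds[0] <= value <= bounds[1]:
            findings.append(f"{name} {value} outside {bounds[0]}-{bounds[1]}")
        return value

    for raw in config_text.splitlines():
        line = re.sub(r"^\S+\(config\)#\s*", "", raw.strip())  # drop CLI prompt
        words = line.split()
        negated = words[:1] == ["no"]
        words = words[1:] if negated else words
        if words[:2] != ["cts", "server"] or len(words) < 3:
            continue
        kind, args = words[2], words[3:]
        nums = [int(a) for a in args if a.isdigit()]  # the one numeric argument, if any
        if kind == "deadtime":
            eff["deadtime"] = ranged("deadtime", nums[0], DEADTIME_RANGE) if nums and not negated else 20
        elif kind == "load-balance":
            eff["load_balance"] = not negated
            eff["ignore_preferred"] = not negated and "ignore-preferred-server" in args
            eff["batch_size"] = nums[0] if nums and not negated else 25
        elif kind == "test" and len(args) >= 2:
            test = eff["tests"].setdefault(args[0], {"enabled": True, "idle_time": 60})
            if args[1] == "enable":
                test["enabled"] = not negated
            elif args[1] == "idle-time":
                test["idle_time"] = ranged(f"idle-time for {args[0]}", nums[0], IDLE_RANGE) if nums and not negated else 60
            elif args[1] == "deadtime" and nums and not negated:
                test["deadtime"] = nums[0]
    findings += [f"liveliness test disabled for {t}" for t, v in eff["tests"].items() if not v["enabled"]]
    return eff, findings

if __name__ == "__main__":
    print(audit_cts_server(SAMPLE))
```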