Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
Bookmark
|
Subscribe
|
1205
Views
0
Helpful
15
Replies

Protected Access Credential (PAC) and TrustSec

iores
Level 3
Level 3

‎02-22-2025 02:07 PM

Hi,

I am little confused how PAC works.

With TrustSec, a PAC key is manually configured on the switch instead of the RADIUS key.

By looking at how PAC works, it seems that ISE generates PAC Random Key, PAC-Opaque and A-ID. This all together is called PAC and it is then sent to the switch.

Why now two PAC keys? When is the first key used then? Is it used maybe do encrypt the newly generated PAC sent from ISE to the switch?

Is the second PAC key used as some kind of session key which switch uses to encrypt the PAC-Opaque when sent back to ISE?

What am I missing?

0 Helpful
15 Replies 15

Arne Bier
VIP
VIP
In response to iores

‎02-25-2025 02:24 PM

I'm out of my depth here - don't know enough about CTS sorry. Maybe suggest it on the Webex ISE Bar and ask/chat to Thomas Howard or Charlie Moreton to run a YouTube video on how this stuff really works, and going through some scenarios where it's done manually, and where DNAC is involved.

0 Helpful
Customers Also Viewed These Support Documents
Top