Name: Cisco Catalyst 3560-X
Brand: Cisco
Rating: 4 (1 reviews)

To Next Page

To Previous Page

CHAPTER

1-1

Catalyst 3750-X and 3560-X Switch Software Configuration Guide

OL-25303-03

Configuring MACsec Encryption

This chapter describes how to configure Media Access Control Security (MACsec) encryption on the

Catalyst 3750-X and 3560-X switch. MACsec is the IEEE 802.1AE standard for authenticating and

encrypting packets between two MACsec-capable devices. The Catalyst 3750-X and 3560-X switches

support 802.1AE encryption with MACsec Key Agreement (MKA) on downlink ports for encryption

between the switch and host devices. The switch also supports MACsec link layer switch-to-switch

security by using Cisco TrustSec Network Device Admission Control (NDAC) and the Security

Association Protocol (SAP) key exchange. Link layer security can include both packet authentication

between switches and MACsec encryption between switches (encryption is optional).

Note MACsec is not supported on switches running the NPE or the LAN base image.

All downlink ports on the switch can run Cisco TrustSec MACsec link layer switch-to-switch security.

Cisco TrustSec and Cisco SAP are meant only for switch-to-switch links and are not supported on switch

ports connected to end hosts, such as PCs or IP phones. MKA is meant for switch-to-host facing links

and is not supported on switch-to-switch links. Host-facing links typically use flexible authentication

ordering for handling heterogeneous devices with or without IEEE 802.1x, and can optionally use MKA

encryption. Cisco NDAC and SAP are mutually exclusive with Network Edge Access Topology (NEAT),

which is used for compact switches to extend security outside the wiring closet.

• Understanding Media Access Control Security and MACsec Key Agreement, page 1-2

• Configuring MKA and MACsec, page 1-6

• Understanding Cisco TrustSec MACsec, page 1-8

• Configuring Cisco TrustSec MACsec, page 1-10

Table 1 MACsec Support on Switch Ports

Interface Connections MACsec support

User-facing downlink ports Switch-to-host MKA MACsec encryption

Switchports connected to other

switches

Switch-to-switch Cisco TrustSec NDAC MACsec

Questions and Answers:

Need help?

Do you have a question about the Cisco Catalyst 3560-X and is the answer not in the manual?

Cisco Catalyst 3560-X Specifications

General

Enclosure Type	Rack-mountable - 1U
Subtype	Gigabit Ethernet
Ports	48 x 10/100/1000 + 4 x SFP
Flash Memory	64 MB
Power Device	Internal power supply
Voltage Required	AC 120/230 V (50/60 Hz)
Operating System	Cisco IOS
Device Type	Switch
Performance	Switching capacity: 128 Gbps
Jumbo Frame Support	Yes
Routing Protocol	RIP-1, RIP-2, EIGRP
Remote Management Protocol	SNMP 1, RMON 1, RMON 2, RMON 3, RMON 9, Telnet, SNMP 3, HTTP, HTTPS
Features	DHCP support, VLAN support, QoS, IPv6 support, Syslog
Compliant Standards	IEEE 802.3, IEEE 802.3u, IEEE 802.3z, IEEE 802.1D, IEEE 802.1Q, IEEE 802.3ab, IEEE 802.1p, IEEE 802.3af, IEEE 802.3x, IEEE 802.3ad, IEEE 802.1w, IEEE 802.1x, IEEE 802.1s, IEEE 802.3ah, IEEE 802.1ag, IEEE 802.3at
Stacking	Stackable
Security Features	SSH, RADIUS, TACACS+
Management	CLI
Dimensions (H x W x D)	17.5 in
Operating Temperature	32 to 113 °F (0 to 45 °C)
Humidity	10 - 95% (non-condensing)