EasyManuals Logo

Cisco Catalyst 3560-X User Manual

Cisco Catalyst 3560-X
1538 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #375 background imageLoading...
Page #375 background image
1-11
Catalyst 3750-X and 3560-X Switch Software Configuration Guide
OL-25303-03
Chapter 1 Configuring MACsec Encryption
Configuring Cisco TrustSec MACsec
Note Before you configure Cisco TrustSec MACsec authentication, you should configure Cisco TrustSec seed
and non-seed devices. For 802.1x mode, you must configure at least one seed device, that device closest
to the access control system (ACS). See this section in the Cisco TrustSec Configuration Guide:
http://www.cisco.com/en/US/docs/switches/lan/trustsec/configuration/guide/ident-conn_config.html
Configuring Cisco TrustSec Switch-to-Switch Link Security in 802.1x Mode
You enable Cisco TrustSec link layer switch-to-switch security on an interface that connects to another
Cisco TrustSec device. When configuring Cisco TrustSec in 802.1x mode on an interface, follow these
guidelines:
To use 802.1x mode, you must globally enable 802.1x on each device.
If you select GCM as the SAP operating mode, you must have a MACsec encryption software
license from Cisco. MACsec is supported on Catalyst 3750-X and 3560-X universal IP base and IP
services licenses. It is not supported with the NPE license or with a LAN base service image.
If you select GCM without the required license, the interface is forced to a link-down state.
Beginning in privilege EXEC mode, follow these steps to configure Cisco TrustSec switch-to-switch link
layer security with 802.1x.
Command Purpose
Step 1
configure terminal Enters global configuration mode.
Step 2
interface interface-id Note Enters interface configuration mode.
Step 3
cts dot1x Configures the interface to perform NDAC authentication.
Step 4
sap mode-list mode1 [mode2 [mode3
[mode4]]]
(Optional) Configures the SAP operation mode on the interface. The
interface negotiates with the peer for a mutually acceptable mode.
Enter the acceptable modes in your order of preference.
Choices for mode are:
gcm-encrypt—Authentication and encryption
Note Select this mode for MACsec authentication and encryption
if your software license supports MACsec encryption.
gmac—Authentication, no encryption
no-encap—No encapsulation
null—Encapsulation, no authentication or encryption
Note If the interface is not capable of data link encryption,
no-encap is the default and the only available SAP
operating mode. SGT is not supported.
Note Although visible in the CLI help, the timer reauthentication and propagate sgt keywords are not
supported.
Step 5
exit Exits Cisco TrustSec 802.1x interface configuration mode.
Step 6
end Returns to privileged EXEC mode.

Table of Contents

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the Cisco Catalyst 3560-X and is the answer not in the manual?

Cisco Catalyst 3560-X Specifications

General IconGeneral
Enclosure TypeRack-mountable - 1U
SubtypeGigabit Ethernet
Ports48 x 10/100/1000 + 4 x SFP
Flash Memory64 MB
Power DeviceInternal power supply
Voltage RequiredAC 120/230 V (50/60 Hz)
Operating SystemCisco IOS
Device TypeSwitch
PerformanceSwitching capacity: 128 Gbps
Jumbo Frame SupportYes
Routing ProtocolRIP-1, RIP-2, EIGRP
Remote Management ProtocolSNMP 1, RMON 1, RMON 2, RMON 3, RMON 9, Telnet, SNMP 3, HTTP, HTTPS
FeaturesDHCP support, VLAN support, QoS, IPv6 support, Syslog
Compliant StandardsIEEE 802.3, IEEE 802.3u, IEEE 802.3z, IEEE 802.1D, IEEE 802.1Q, IEEE 802.3ab, IEEE 802.1p, IEEE 802.3af, IEEE 802.3x, IEEE 802.3ad, IEEE 802.1w, IEEE 802.1x, IEEE 802.1s, IEEE 802.3ah, IEEE 802.1ag, IEEE 802.3at
StackingStackable
Security FeaturesSSH, RADIUS, TACACS+
ManagementCLI
Dimensions (H x W x D)17.5 in
Operating Temperature32 to 113 °F (0 to 45 °C)
Humidity10 - 95% (non-condensing)

Related product manuals