Catalyst 3750-X and 3560-X Switch Software Configuration Guide
OL-25303-03
Chapter 1 Configuring MACsec Encryption
Configuring Cisco TrustSec MACsec
This example shows how to configure Cisco TrustSec authentication in manual mode on an interface:
Switch# configure terminal
Switch(config)# interface tengigabitethernet 1/1/2
Switch(config-if)# cts manual
Switch(config-if-cts-manual)# sap pmk 1234abcdef mode-list gcm-encrypt null no-encap
Switch(config-if-cts-manual)# no propagate sgt
Switch(config-if-cts-manual)# exit
Switch(config-if)# end
Step 4
Command: sap pmk key [mode-list mode1 [mode2 [mode3 [mode4]]]]
Purpose: (Optional) Configures the SAP pairwise master key (PMK) and operation mode. SAP is disabled by default in Cisco TrustSec manual mode.
• key—A hexadecimal value with an even number of characters and a maximum length of 32 characters.
The SAP operation mode options:
• gcm-encrypt—Authentication and encryption
Note: Select this mode for MACsec authentication and encryption if your software license supports MACsec encryption.
• gmac—Authentication, no encryption
• no-encap—No encapsulation
• null—Encapsulation, no authentication or encryption
Note: If the interface is not capable of data link encryption, no-encap is the default and the only available SAP operating mode. SGT is not supported.

Step 5
Command: no propagate sgt
Purpose: Use the no form of this command when the peer is incapable of processing an SGT. The no propagate sgt command prevents the interface from transmitting the SGT to the peer and is required in manual mode.

Step 6
Command: exit
Purpose: Exits Cisco TrustSec 802.1X interface configuration mode.

Step 7
Command: end
Purpose: Returns to privileged EXEC mode.

Step 8
Command: show cts interface [interface-id | brief | summary]
Purpose: (Optional) Verifies the configuration by displaying TrustSec-related interface characteristics.

Step 9
Command: copy running-config startup-config
Purpose: (Optional) Saves your entries in the configuration file.
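
The following Python check is an added example, not part of the Cisco guide: it tests a sap pmk line against the key rules in Step 4 and flags every listed operation mode that, per the mode descriptions, does not encrypt. The function name audit_sap_pmk, the sample lines and the policy of reporting keys shorter than 32 characters are assumptions made for this example.

```python
import re

# SAP operation modes listed in Step 4; True means the mode encrypts traffic.
SAP_MODES = {"gcm-encrypt": True, "gmac": False, "no-encap": False, "null": False}
MAX_KEY_CHARS = 32  # maximum key length stated in Step 4

def audit_sap_pmk(line):
    """Return a list of findings for one 'sap pmk' configuration line."""
    tokens = line.split()
    if tokens[:2] != ["sap", "pmk"] or len(tokens) < 3:
        return ["not a 'sap pmk key ...' command"]
    key, rest = tokens[2], tokens[3:]
    findings = []
    # Syntax rules from Step 4: hexadecimal, even character count, at most 32.
    if not re.fullmatch(r"[0-9A-Fa-f]+", key):
        findings.append("key is not hexadecimal")
    if len(key) % 2:
        findings.append("key has an odd number of characters")
    if len(key) > MAX_KEY_CHARS:
        findings.append("key exceeds 32 characters")
    elif len(key) < MAX_KEY_CHARS:
        # Assumed audit policy (not a rule from the guide): expect full length.
        findings.append(f"key is {len(key)} characters, shorter than the maximum")
    if not rest:
        return findings  # mode-list is optional
    if rest[0] != "mode-list" or not 1 <= len(rest) - 1 <= 4:
        return findings + ["mode-list must name one to four modes"]
    for mode in rest[1:]:
        if mode not in SAP_MODES:
            findings.append(f"unknown mode {mode}")
        elif not SAP_MODES[mode]:
            findings.append(f"mode-list allows {mode}, which does not encrypt")
    return findings

# Constructed sample input: the command from the guide's example, plus a
# hypothetical encrypt-only line with a made-up 32-character key.
SAMPLES = [
    "sap pmk 1234abcdef mode-list gcm-encrypt null no-encap",
    "sap pmk 0123456789abcdef0123456789abcdef mode-list gcm-encrypt",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample)
        for finding in audit_sap_pmk(sample) or ["no findings"]:
            print("  -", finding)
```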