key chain macsec
To configure a MACsec key chain name on a device interface to fetch a Pre Shared Key (PSK), use the key
chain macsec command in global configuration mode. To disable it, use the no form of this command.
key chain name macsec {description| key| exit}
Syntax Description
Name of a key chain to be used to get keys.
name
Provides description of the MACsec key chain.description
Configure a MACsec key.key
Exits from the MACsec key-chain configuration mode.exit
Negates the command or sets the default values.no
Command Default
key chain macsec is disabled.
Command Modes
Global configuration
Command History
ModificationRelease
This command was introduced.Cisco IOS XE Denali 16.3.1
Usage Guidelines
Examples
This example shows how to configure MACsec key chain to fetch a 128-bit Pre Shared Key (PSK):
Switch#configure terminal
Switch(config)#key chain kc1 macsec
Switch(config-keychain-macsec)#key 1000
Switch(config-keychain-macsec)#cryptographic-algorithm aes-128-cmac
Switch(config-keychain-macsec-key)# key-string fb63e0269e2768c49bab8ee9a5c2258f
Switch(config-keychain-macsec-key)#end
Switch#
Examples
This example shows how to configure MACsec key chain to fetch a 256-bit Pre Shared Key (PSK):
Switch#configure terminal
Switch(config)#key chain kc1 macsec
Switch(config-keychain-macsec)#key 2000
Switch(config-keychain-macsec)#cryptographic-algorithm aes-256-cmac
Switch(config-keychain-macsec-key)# key-string
Command Reference, Cisco IOS XE Everest 16.5.1a (Catalyst 3650 Switches)
777
key chain macsec
To Next Page
Loading...
Need help?
General
