sap mode-list (cts manual)
To select the Security Association Protocol (SAP) authentication and encryption modes (prioritized from
highest to lowest) used to negotiate link encryption between two interfaces, use the sap mode-list command
in CTS dot1x interface configuration mode. To remove a mode-list and revert to the default, use the no form
of this command.
Use the sap mode-list command to manually specify the Pairwise Master Key (PMK) and the Security
Association Protocol (SAP) authentication and encryption modes to negotiate MACsec link encryption between
two interfaces. Use the no form of the command to disable the configuration.
sap pmk hex_value mode-list {gcm-encrypt | gmac | no-encap | null} [gcm-encrypt | gmac | no-encap | null]
no sap pmk hex_value mode-list {gcm-encrypt | gmac | no-encap | null} [gcm-encrypt | gmac | no-encap | null]
Syntax Description
pmk hex_value    Specifies the Hex-data PMK (without leading 0x; enter even number of hex characters, or else the last character is prefixed with 0.).
mode-list        Specifies the list of advertised modes (prioritized from highest to lowest).
gcm-encrypt      Specifies GMAC authentication, GCM encryption.
gmac             Specifies GMAC authentication only, no encryption.
no-encap         Specifies no encapsulation.
null             Specifies encapsulation present, no authentication, no encryption.
Command Default
The default encryption is sap pmk mode-list gcm-encrypt null. When the peer interface does not support
802.1AE MACsec or 802.REV layer-2 link encryption, the default encryption is null.
Command Modes
CTS manual interface configuration (config-if-cts-manual)
Command History
Release                       Modification
Cisco IOS XE Denali 16.3.1    This command was introduced.
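The following is an added example, not part of the Cisco reference: a Python audit of configuration text that finds sap pmk lines, applies the PMK entry rule from the Syntax Description, and reports any advertised mode that would leave the link without encryption. The interface names, PMK values, and function names are constructed for illustration.

```python
import re

# Modes from the Syntax Description; only gcm-encrypt provides encryption.
MODES = {"gcm-encrypt", "gmac", "no-encap", "null"}
SAP_RE = re.compile(r"^\s*sap pmk (\S+) mode-list((?: \S+)+)\s*$")

def normalize_pmk(hex_value):
    """Apply the page's PMK rule: hex only, no leading 0x; an odd number of
    hex characters gets a 0 placed in front of the last character."""
    if not re.fullmatch(r"[0-9a-fA-F]+", hex_value):
        raise ValueError("PMK must be hex characters without a leading 0x")
    if len(hex_value) % 2:
        hex_value = hex_value[:-1] + "0" + hex_value[-1]
    return hex_value.lower()

def audit(config_text):
    """Return one finding dict per 'sap pmk ... mode-list ...' line."""
    findings, interface = [], None
    for line in config_text.splitlines():
        if line.startswith("interface "):
            interface = line.split(None, 1)[1]
        m = SAP_RE.match(line)
        if not m:
            continue
        modes = m.group(2).split()
        findings.append({
            "interface": interface,
            "pmk": normalize_pmk(m.group(1)),
            "modes": modes,
            "unknown": [x for x in modes if x not in MODES],
            # Any listed mode other than gcm-encrypt can be negotiated
            # and leaves the link without encryption.
            "unencrypted_fallback": [x for x in modes
                                     if x in MODES and x != "gcm-encrypt"],
        })
    return findings

# Constructed sample configuration (interface names and PMKs are made up).
SAMPLE = """\
interface GigabitEthernet1/0/1
 cts manual
  sap pmk 1234abcdef mode-list gcm-encrypt null
interface GigabitEthernet1/0/2
 cts manual
  sap pmk abc mode-list gcm-encrypt
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Comparing the normalized PMK on both ends of a link catches the case where an odd-length value was typed on one side and its padded form assumed differently on the other.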
Command Reference, Cisco IOS XE Everest 16.5.1a (Catalyst 3650 Switches)