Usage Guidelines
Use the sap pmk mode-list command to specify the authentication and encryption method.
The Security Association Protocol (SAP) is an encryption key derivation and exchange protocol based on a
draft version of the 802.11i IEEE protocol. SAP is used to establish and maintain the 802.1AE link-to-link
encryption (MACsec) between interfaces that support MACsec.
SAP and the Pairwise Master Key (PMK) can be manually configured between two interfaces with the sap
pmk mode-list command. When using 802.1X authentication, both sides (supplicant and authenticator) receive
the PMK and the MAC address of the peer's port from the Cisco Secure Access Control Server.
If a device is running CTS-aware software but the hardware is not CTS-capable, disallow encapsulation with
the sap mode-list no-encap command.
Examples
The following example shows how to configure SAP on a Gigabit Ethernet interface:
Switch# configure terminal
Switch(config)# interface gigabitethernet 2/1
Switch(config-if)# cts manual
Switch(config-if-cts-manual)# sap pmk FFFEE mode-list gcm-encrypt
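The following added example (not part of the Cisco command reference) audits a saved configuration for interfaces under cts manual whose SAP mode-list names anything other than gcm-encrypt, or that have no sap line at all. The sample configuration is constructed, the function name audit_sap is hypothetical, and the gmac and null mode names and all mode descriptions come from Cisco's syntax description for this command rather than from the text above.

```python
import re

# What each mode-list keyword provides; only gcm-encrypt encrypts the link.
MODES = {
    "gcm-encrypt": "authentication and encryption",
    "gmac": "authentication, no encryption",
    "null": "encapsulation, no authentication or encryption",
    "no-encap": "no encapsulation",
}
SAP_RE = re.compile(r"sap (?:pmk [0-9A-Fa-f]+ )?mode-list (?P<modes>.+)")

def audit_sap(config_text):
    """Return {interface: [findings]} for each interface that has 'cts manual'."""
    findings, iface, in_cts = {}, None, False
    for raw in config_text.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):          # top-level line starts a new stanza
            iface = line.split(None, 1)[1] if line.startswith("interface ") else None
            in_cts = False
        elif iface and line == "cts manual":
            in_cts = True
            findings[iface] = ["no sap line under cts manual"]
        elif iface and in_cts:
            m = SAP_RE.fullmatch(line)
            if m:                            # replace the placeholder finding
                findings[iface] = [
                    f"mode-list permits {mode}: {MODES.get(mode, 'unrecognized mode')}"
                    for mode in m.group("modes").split() if mode != "gcm-encrypt"
                ]
    return findings

# Constructed sample configuration (not from a real device).
SAMPLE_CONFIG = """\
interface GigabitEthernet2/1
 cts manual
  sap pmk FFFEE mode-list gcm-encrypt
!
interface GigabitEthernet2/2
 cts manual
  sap pmk 0ABC mode-list gcm-encrypt gmac no-encap
!
interface GigabitEthernet2/3
 cts manual
  no propagate sgt
!
interface GigabitEthernet2/4
 switchport mode access
"""

if __name__ == "__main__":
    for name, issues in audit_sap(SAMPLE_CONFIG).items():
        print(name, "OK" if not issues else "; ".join(issues))
```

An empty findings list means the interface lists gcm-encrypt only; interfaces without cts manual are not reported.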
Related Commands
Command                        Description
cts manual                     Enables an interface for CTS.
propagate sgt (cts manual)     Enables Security Group Tag (SGT) propagation at Layer 2 on Cisco TrustSec Security (CTS) interfaces.
show cts interface             Displays Cisco TrustSec interface configuration statistics.
Command Reference, Cisco IOS XE Everest 16.5.1a (Catalyst 3650 Switches)
sap mode-list (cts manual)