EasyManuals Logo

Cisco Catalyst 4500 Series Administration Guide

Cisco Catalyst 4500 Series
1814 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #1135 background imageLoading...
Page #1135 background image
45-13
Software Configuration Guide—Release IOS XE 3.6.0E and IOS 15.2(2)E
OL_28731-01
Chapter 45 Configuring MACsec Encryption
Configuring Cisco TrustSec MACsec
• These protection levels are supported when you configure SAP pairwise master key (sap pmk):
–
SAP is not configured—no protection.
–
sap mode-list gcm-encrypt gmac no-encap—protection desirable but not mandatory.
–
sap mode-list gcm-encrypt gmac—confidentiality preferred and integrity required. The
protection is selected by the supplicant according to supplicant preference.
–
sap mode-list gmac—integrity only.
–
sap mode-list gcm-encrypt—confidentiality required.
–
sap mode-list gmac gcm-encrypt—integrity required and preferred, confidentiality optional.
To manually configure Cisco TrustSec on an interface to another Cisco TrustSec device, perform this
task:
Command Purpose
Step 1
configure terminal
Enters global configuration mode.
Step 2
interface interface-id
Enters interface configuration mode.
Step 3
cts manual
Enters Cisco TrustSec manual configuration mode.
Step 4
sap pmk key [mode-list mode1 [mode2
[mode3 [mode4]]]]
(Optional) Configures the SAP pairwise master key (PMK) and
operation mode. SAP is disabled by default in Cisco TrustSec
manual mode.
• key—A hexadecimal value with an even number of characters
and a maximum length of 32 characters.
The SAP operation mode options:
• gcm-encrypt—Authentication and encryption
Note Select this mode for MACsec authentication and
encryption if your software license supports MACsec
encryption.
• gmac—Authentication, no encryption
• no-encap—No encapsulation
• null—Encapsulation, no authentication or encryption
Note If the interface is not capable of data link encryption,
no-encap is the default and the only available SAP
operating mode. SGT is not supported.
Step 5
no propagate sgt
Prevents the interface from transmitting the SGT to the peer and
is required in manual mode.
Use the no form of this command when the peer is incapable of
processing a SGT.
Step 6
exit
Exits Cisco TrustSec 802.1X interface configuration mode.
Step 7
end
Returns to privileged EXEC mode.
Step 8
show cts interface [interface-id | brief |
summary
]
(Optional) Verifies the configuration by displaying
TrustSec-related interface characteristics.
Step 9
copy running-config startup-config
(Optional) Saves your entries in the configuration file.

Table of Contents

Other manuals for Cisco Catalyst 4500 Series

Preview: Manual
Manual19 pages
Preview: Command Reference Guide
Command Reference Guide1230 pages
Preview: System Message Guide
System Message Guide150 pages
Preview: Configuration Guide
Configuration Guide1610 pages
Preview: Software Configuration Guide
Software Configuration Guide2086 pages
Preview: Message Guide
Message Guide146 pages
Preview: Installation Guide
Installation Guide194 pages
Preview: Datasheet
Datasheet11 pages
Preview: Overview
Overview46 pages
Preview: Quick Reference Guide
Quick Reference Guide59 pages

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the Cisco Catalyst 4500 Series and is the answer not in the manual?

Cisco Catalyst 4500 Series Specifications

General IconGeneral
SeriesCatalyst 4500 Series
CategorySwitch
Layer SupportLayer 2, Layer 3
Form FactorModular chassis
StackableNo
Chassis Slots3, 6, 7, 10
Power Supply OptionsAC, DC
RedundancyPower supply, Supervisor engine
Network ManagementCisco IOS Software CLI, SNMP, Cisco Prime Infrastructure
FeaturesSecurity, QoS
Port DensityUp to 384 ports per chassis
Security Features802.1X, ACLs, DHCP Snooping, Dynamic ARP Inspection, IP Source Guard
Supervisor Engine8-E

Related product manuals