Cisco Catalyst 4503-E

To Next Page

To Previous Page

Cisco Cat4K NDPP ST 11 March 2014

EDCS-1228241

TOE SFRs

How the SFR is Met

MACsec

ICK

secret

128/256

bits

Used to verify

the integrity

and

authenticity of

MPDUs

MACse

c PHY

(plainte

xt)

Automati

cally

when

session

expires

SESA

Authoriza

tion Key

AES

128 bits

Used to

authorize

members of a

single stack on

Incredible

Units.

Used as input

to SP800-108

derivation

methods to

derive four

additional 128

fields to

transfer the

Master Session

Key and

additional

aggressive

exchange

material

NVRA

(plainte

xt)

“no fips

authorizat

ion-key”

SESA

Master

Session

Key

AES

128 bits

Used to derive

SESA session

key

DRAM

(plainte

xt)

Upon

completio

n of key

exchange

SESA

Derived

Session

Keys

AES

and

HMAC

-SHA-1

128 bits

and 192

bits

Used to protect

traffic over

stacking ports

DRAM

(plainte

xt)

Upon

bringing

down the

stack

IKE session encrypt key - This structure contains all of the SA

items, including the skeyid, skeyid_d, IKE Session Encryption

Key and IKE Session Authentication Key. All values overwritten

by 0’s (0x00) automatically after IKE session terminated.

IKE session authentication key - This structure contains all of the

SA items, including the skeyid, skeyid_d, IKE Session

Encryption Key and IKE Session Authentication Key. All values

overwritten by 0’s (0x00) automatically after IKE session

terminated.

FCS_COP.1(1)

The TOE provides symmetric encryption and decryption

capabilities using AES in CBC and GCM mode (128, 256 bits) as

described in FIPS PUB 197, NIST SP 800-38A and NIST SP

800-38D.

FCS_COP.1(2)

The TOE will provide cryptographic signature services using

RSA with key size of 2048 and greater as specified in FIPS PUB

186-3, “Digital Signature Standard”.

Main Page

Cisco Catalyst 4503-E - Page 66

Table of Contents

Related product manuals