7-23
Cisco TrustSec Configuration Guide
OL-22192-01
Chapter 7 Cisco TrustSec Command Summary
cts rekey
cts rekey
To regenerate the Pairwise Master Key used by the Security Association Protocol (SAP), use the
cts rekey Privileged Exec command.
Syntax Descriptionc
Defaults There is no default value.
Command Modes Privileged EXEC (#)
Supported User Roles Administrator
Command History
Usage Guidelines SAP Pair-wise Master Key key (PMK) refresh ordinarily occurs automatically, triggered by
combinations of network events and non-configurable internal timers related to Dot1X authentication.
The ability to manually refresh encryption keys is often part of network administration security
requirements. To manually force a PMK refresh use the cts rekey command.
TrustSec supports a manual configuration mode where Dot1X authentication is not required to create
link-to-link encryption between switches. In this case, the PMK is manually configured on devices on
both ends of the link with the sap pmk CTS manual interface configuration command.
Examples The following example regenerates the PMK on the specified interface.
switch# cts rekey interface gigabitEthernet 2/1
switch#
interface type slot/port Specifies the CTS interface on which to regenerate the SAP key.
Release Modification
12.2(50) SY This command was introduced on the Catalyst 6500 Series Switches.
IOS-XE 3.3.0 SG This command was introduced on the Catalyst 4500 Series Switches.
IOS 15.0(1) SE This command was introduced on the Catalyst 3000 Series Switches.
To Next Page
Loading...
