Understanding Cisco Trustsec Macsec - Cisco Catalyst 4500 Series Configuration Manual

Understanding Cisco TrustSec MACsec

Switch(config-if)# mka policy replay-policy
Switch(config-if)# dot1x pae authenticator
Switch(config-if)# spanning-tree portfast
Switch(config-if)# end
Switch# show authentication sessions interface gigabitethernet1/0/25
Interface: GigabitEthernet1/0/25
MAC Address: 001b.2140.ec3c
IP Address: 1.1.1.103
User-Name: ms1
Status: Authz Success
Domain: DATA
Security Policy: Must Secure ß--- New
Security Status: Secured ß--- New
Oper host mode: multi-domain
Oper control dir: both
Authorized By: Authentication Server
Vlan Policy: 10
Session timeout: 3600s (server), Remaining: 3567s
Timeout action: Reauthenticate
Idle timeout: N/A
Common Session ID: 0A05783B0000001700448BA8
Acct Session ID: 0x00000019
Handle: 0x06000017
Runnable methods list:
Method State
dot1x Authc Success
Understanding Cisco TrustSec MACsec
MACsec is supported on the Catalyst 4500 series switch universal k9 image. It is not supported with the
Note
NPE license or with a LAN Base service image.
Table 43-2
explanations, see the Cisco TrustSec Switch Configuration Guide:
http://www.cisco.com/en/US/docs/switches/lan/trustsec/configuration/guide/arch_over.html#wp10545
61
Table 43-2 Cisco TrustSec Features
Cisco TrustSec Feature
802.1AE Encryption (MACsec)
Software Configuration Guide—Release IOS XE 3.3.0SG and IOS 15.1(1)SG
43-8
summarizes the Cisco TrustSec features supported on the switch. For more detailed
Description
Protocol for 802.1AE-based wire-rate hop-to-hop Layer 2 encryption.
Between MACsec-capable devices, packets are encrypted on egress from the
sending device, decrypted on ingress to the receiving device, and in the clear
within the devices.
This feature is only available between 802.1AE-capable devices.
Chapter 43 Configuring MACsec Encryption
OL-25340-01