Cisco Catalyst 3560-X Software Configuration Manual page 376
Hide thumbs
Also See for Catalyst 3560-X:
- Command reference manual (1188 pages) ,
- Software configuration manual (1438 pages) ,
- Manual (276 pages)
Table of Contents
Advertisement
Configuring Cisco TrustSec MACsec
Command
Step 7
show cts interface [interface-id | brief |
summary]
Step 8
copy running-config startup-config
This example shows how to enable Cisco TrustSec authentication in 802.1x mode on an interface using
GCM as the preferred SAP mode:
Switch# configure terminal
Switch(config)# interface tengigabitethernet 1/1/2
Switch(config-if)# cts dot1x
Switch(config-if-cts-dot1x)# sap mode-list gcm-encrypt null no-encap
Switch(config-if-cts-dot1x)# exit
Switch(config-if)# end
Configuring Cisco TrustSec Switch-to-Switch Link Security in Manual Mode
If your switch does not have access to an authentication server or if 802.1X authentication is not needed,
you can manually configure Cisco TrustSec on an interface. You must manually configure the interface
on each end of the connection.
When manually configuring Cisco TrustSec on an interface, consider these usage guidelines and
restrictions:
•
•
•
Beginning in privileged EXEC mode, follow these steps to manually configure Cisco TrustSec on an
interface to another Cisco TrustSec device:
Command
Step 1
configure terminal
Step 2
interface interface-id
Step 3
cts manual
Catalyst 3750-X and 3560-X Switch Software Configuration Guide
1-12
If no SAP parameters are defined, MACsec encapsulation or encryption will not be performed.
If you select GCM as the SAP operating mode, you must have a MACsec Encryption software
license from Cisco. If you select GCM without the required license, the interface is forced to a
link-down state.
These protection levels are supported when you configure SAP pairwise master key (sap pmk):
SAP is not configured—no protection.
–
sap mode-list gcm-encrypt gmac no-encap—protection desirable but not mandatory.
–
sap mode-list gcm-encrypt gmac—confidentiality preferred and integrity required. The
–
protection is selected by the supplicant according to supplicant preference.
sap mode-list gmac—integrity only.
–
sap mode-list gcm-encrypt—confidentiality required.
–
sap mode-list gmac gcm-encrypt—integrity required and preferred, confidentiality optional.
–
Purpose
(Optional) Verify the configuration by displaying TrustSec-related
interface characteristics.
(Optional) Saves your entries in the configuration file.
Purpose
Enters global configuration mode.
Enters interface configuration mode.
Note
Enters Cisco TrustSec manual configuration mode.
Chapter 1
Configuring MACsec Encryption
OL-25303-03
Advertisement
Table of Contents
Troubleshooting
