Sap Pmk - Cisco Nexus 7000 Series Command Reference Manual

Hide thumbs Also See for Nexus 7000 Series:

Table of Contents

sap pmk

To manually configure the Cisco TrustSec Security Association Protocol (SAP) pairwise master key (PMK),

use the sap pmk command. To remove the SAP configuration, use the no form of this command.

sap pmk [key| [left-zero-padded] [display encrypt]| encrypted {encrypted_pmk| use-dot1x} [modelist

{gcm-encrypt| gmac| no-encap| null}]]

Syntax Description

left-zero-padded

display encrypt

encrypted encrypted_pmk

Command Default

Command Modes

Cisco TrustSec manual configuration

Cisco Nexus 7000 Series Security Command Reference

Key value. This is a hexadecimal string with an even

number of characters. The maximum length is 32

(Optional) Pads zeros to the left of the entered string

if the PMK length is less than 32 bytes.

(Optional) Specifies that the configured PMK be

displayed in AES-encrypted format in the running

configuration.

Specifies an encrypted PMK string of 64 bytes (128

hexadecimal characters).

Specifies that the peer device does not support Cisco

TrustSec 802.1X authentication or authorization but

does support SAP data path encryption and

authentication.

(Optional) Specifies the SAP operation mode.

Specifies Galois/Counter Mode (GCM) encryption

and authentication mode.

Specifies GCM authentication mode.

Specifies no encapsulation and no security group tag

(SGT) insertion.

Specifies the encapsulation of the SGT without

authentication or encryption.