sap (cts manual interface submode)

Use the sap mode-list command to manually specify the Pairwise Master Key (PMK) and the Security Association Protocol (SAP) authentication and encryption modes to negotiate MACsec link encryption between two interfaces. Use the no form of the command to revert to the default.

[no] sap pmk hex_value [modelist {gcm-encrypt | gmac | no-encap | null} [gcm-encrypt | gmac | no-encap | null] . . . ]

Syntax Description

pmk hex_value    Hex-data PMK (without leading 0x; enter an even number of hex characters, otherwise the last character is prefixed with 0)
modelist         List of advertised modes (prioritized from highest to lowest)
gcm-encrypt      Specifies GCM authentication, GCM encryption
gmac             Specifies GCM authentication, no encryption
no-encap         Specifies no encapsulation
null             Specifies encapsulation present, no authentication, no encryption

Defaults

The default encryption is sap modelist gcm-encrypt null. When the peer interface does not support dot1x, 802.1AE MACsec, or 802.REV layer-2 link encryption, the default encryption is null.

Command Modes

CTS manual interface configuration submode (config-if-cts-manual)

Supported User Roles

Administrator

Command History

Release        Modification
12.2(50)SY     This command was introduced on the Catalyst 6500 Series Switches.

Usage Guidelines

The Security Association Protocol (SAP) is an encryption key derivation and exchange protocol based on a draft version of the 802.11i IEEE protocol. In a TrustSec configuration, the keys are used for MACsec link-to-link encryption between two interfaces.

If 802.1X authentication is not possible, SAP and the Pairwise Master Key (PMK) can be manually configured between two interfaces with the sap pmk command. When using 802.1X authentication, both sides (supplicant and authenticator) receive the PMK and the MAC address of the peer's port from the Cisco Secure Access Control Server.

Examples

The following example shows a SAP configuration for a Gigabit Ethernet interface:

router(config)# interface gigabitEthernet 2/1
router(config-if)# cts manual
router(config-if-cts-manual)# sap pmk FFFEE mode-list gcm-encrypt

Cisco TrustSec Configuration Guide
Chapter 7 Cisco TrustSec Command Summary
OL-22192-01
7-72
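The mode list is negotiated from highest to lowest priority, and the default list (gcm-encrypt null) lets a link fall back to null, which provides no authentication and no encryption. The following Python script is an added example, not part of the Cisco document: it walks a running-config, finds every interface under cts manual with a sap pmk line, reports the effective mode list (using the page's stated default when none is given) and flags lists that allow the peer to negotiate an unencrypted or unauthenticated mode. The PMK normalization rule (no leading 0x, odd-length values get a 0 before the last character) is taken from the Syntax Description; the strength ordering gcm-encrypt > gmac > no-encap > null is my reading of the page's mode descriptions; the sample config, interface names and PMK values are constructed, and the audit deliberately reports only the PMK length, never the key.

```python
import re

# Mode strength as described in the Syntax Description, strongest first (assumed ordering):
# gcm-encrypt (GCM authentication + encryption), gmac (authentication only),
# no-encap (no encapsulation), null (encapsulation, no auth, no encryption).
MODES = ["gcm-encrypt", "gmac", "no-encap", "null"]
DEFAULT_MODES = ["gcm-encrypt", "null"]   # "sap modelist gcm-encrypt null" per the Defaults section
UNAUTHENTICATED = {"no-encap", "null"}

INTF_RE = re.compile(r"^interface\s+(\S+)\s*$")
# Accept both spellings that appear on the page (modelist / mode-list).
SAP_RE = re.compile(r"^\s*sap\s+pmk\s+(\S+)(?:\s+mode-?list\s+(.+?))?\s*$")


def normalize_pmk(pmk):
    """Apply the PMK entry rule from the Syntax Description: no leading 0x,
    hex characters only, and an odd-length value gets a 0 inserted before its
    last character so the key has an even number of hex digits."""
    if pmk.lower().startswith("0x"):
        raise ValueError("PMK must be entered without a leading 0x")
    if not re.fullmatch(r"[0-9A-Fa-f]+", pmk):
        raise ValueError("PMK must contain hex characters only")
    if len(pmk) % 2:
        pmk = pmk[:-1] + "0" + pmk[-1]
    return pmk.upper()


def audit_sap_config(config_text):
    """Return one finding per interface that has 'cts manual' and a 'sap pmk' line:
    the effective mode list (the page's default when none is configured), the
    weakest mode the peer may negotiate, and whether the list allows the link to
    come up without encryption or without authentication. The PMK itself is not
    echoed; only its normalized hex length is reported."""
    findings = []
    intf, in_cts = None, False
    for line in config_text.splitlines():
        m = INTF_RE.match(line)
        if m:
            intf, in_cts = m.group(1), False   # new interface block resets submode state
            continue
        if line.strip() == "cts manual":
            in_cts = True
            continue
        m = SAP_RE.match(line) if in_cts else None
        if not m:
            continue
        explicit = m.group(2) is not None
        modes = m.group(2).split() if explicit else list(DEFAULT_MODES)
        unknown = [x for x in modes if x not in MODES]
        known = [x for x in modes if x in MODES]
        weakest = max(known, key=MODES.index) if known else None
        try:
            pmk_len, pmk_error = len(normalize_pmk(m.group(1))), None
        except ValueError as e:
            pmk_len, pmk_error = None, str(e)
        findings.append({
            "interface": intf,
            "explicit": explicit,
            "modes": modes,
            "unknown_modes": unknown,
            "weakest": weakest,
            "allows_unencrypted": any(x != "gcm-encrypt" for x in known),
            "allows_unauthenticated": any(x in UNAUTHENTICATED for x in known),
            "pmk_hex_len": pmk_len,
            "pmk_error": pmk_error,
        })
    return findings


# Constructed sample running-config (not from the page) with three cts manual interfaces.
SAMPLE_CONFIG = """\
interface GigabitEthernet2/1
 cts manual
  sap pmk FFFEE mode-list gcm-encrypt
!
interface GigabitEthernet2/2
 cts manual
  sap pmk 0123456789ABCDEF mode-list gcm-encrypt gmac null
!
interface GigabitEthernet2/3
 cts manual
  sap pmk ABCD
"""

if __name__ == "__main__":
    for f in audit_sap_config(SAMPLE_CONFIG):
        flag = "WEAK " if f["allows_unencrypted"] else "ok   "
        print(f"{flag}{f['interface']:<22} modes={' '.join(f['modes'])} weakest={f['weakest']}")
```

Run against a saved show running-config; an interface is flagged WEAK whenever any mode other than gcm-encrypt is advertised, including the implicit default list, because a peer that does not offer gcm-encrypt can then bring the link up with authentication only or with no protection at all.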