Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
486
Views
0
Helpful
1
Replies

SAP PMK command not found on Cisco ISR 4451

Desmond Lee
Level 1
Level 1

‎04-19-2022 09:11 AM

Hi, I needed something like the below configuration on the router for TrustSEC router to router link.

 

interface GigabitEthernet1/0/10
description for TRUSTSEC TESTING
cts manual
no propagate sgt
sap pmk 00000001234ABCDEF mode-list gcm-encrypt

 

But on the ISR 4451 router, I am unable to find the "sap pmk" command. Is the issue with ios or license ?

------------------------------------------------------------------------------------------

License

 

Technology Package License Information:

-----------------------------------------------------------------
Technology Technology-package Technology-package
Current Type Next reboot
------------------------------------------------------------------
appxk9 None Smart License None
uck9 None Smart License None
securityk9 securityk9 Smart License securityk9
ipbase ipbasek9 Smart License ipbasek9

 

License Usage
=============

securityk9 (ISR_4400_Security):
Description: securityk9
Count: 1
Version: 1.0
Status: IN USE
Export status: NOT RESTRICTED
Feature Name: securityk9
Feature Description: securityk9
Enforcement type: NOT ENFORCED
License type: Perpetual

ISR_4400_Hsec (ISR_4400_Hsec):
Description: U.S. Export Restriction Compliance license for 4400 series
Count: 0
Status: NOT IN USE
Export status: RESTRICTED - ALLOWED
Enforcement type: EXPORT RESTRICTED
License type: Invalid

=================================================================================

IOS Version

Cisco IOS XE Software, Version 17.04.01a
Cisco IOS Software [Bengaluru], ISR Software (X86_64_LINUX_IOSD-UNIVERSALK9-M), Version 17.4.1a, RELEASE SOFTWARE (fc4)

=================================================================================

RTR(config-if)#cts manual
RTR(config-if-cts-manual)#?
CTS manual configuration commands:
default Set a command to its defaults
exit Exit from CTS manual sub mode
no Negate a command or set its defaults
policy CTS policy for manual mode
propagate CTS SGT Propagation configuration for manual mode

RTR(config-if-cts-manual)#default ?
policy CTS policy for manual mode
propagate CTS SGT Propagation configuration for manual mode

RTR(config-if-cts-manual)#default policy ?
static Configure policy to be applied on the link

RTR(config-if-cts-manual)#default propagate ?
sgt CTS SGT Propagation configuration

R06_RTR(config-if-cts-manual)#policy ?
static Configure policy to be applied on the link

R06_RTR(config-if-cts-manual)#policy static ?
sgt Source Security Group Tag to apply to untagged or non-trusted incoming traffic

R06_RTR(config-if-cts-manual)#propagate ?
sgt CTS SGT Propagation configuration

R06_RTR(config-if-cts-manual)#propagate

 

Regards,

 

Desmond

 

Labels:
0 Helpful
1 Reply 1

hslai
Cisco Employee
Cisco Employee

‎04-20-2022 07:29 PM

I moved this post to the routing forum from the NAC community as the topic is not related to ISE.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card