04-19-2022 09:11 AM
Hi, I needed something like the below configuration on the router for a TrustSec router-to-router link.
interface GigabitEthernet1/0/10
 description for TRUSTSEC TESTING
 cts manual
  no propagate sgt
  sap pmk 00000001234ABCDEF mode-list gcm-encrypt
But on the ISR 4451 router, I am unable to find the "sap pmk" command. Is the issue with the IOS or the license?
------------------------------------------------------------------------------------------
License
Technology Package License Information:
-----------------------------------------------------------------
Technology    Technology-package            Technology-package
              Current       Type            Next reboot
------------------------------------------------------------------
appxk9        None          Smart License   None
uck9          None          Smart License   None
securityk9    securityk9    Smart License   securityk9
ipbase        ipbasek9      Smart License   ipbasek9
License Usage
=============
securityk9 (ISR_4400_Security):
Description: securityk9
Count: 1
Version: 1.0
Status: IN USE
Export status: NOT RESTRICTED
Feature Name: securityk9
Feature Description: securityk9
Enforcement type: NOT ENFORCED
License type: Perpetual
ISR_4400_Hsec (ISR_4400_Hsec):
Description: U.S. Export Restriction Compliance license for 4400 series
Count: 0
Status: NOT IN USE
Export status: RESTRICTED - ALLOWED
Enforcement type: EXPORT RESTRICTED
License type: Invalid
=================================================================================
IOS Version
Cisco IOS XE Software, Version 17.04.01a
Cisco IOS Software [Bengaluru], ISR Software (X86_64_LINUX_IOSD-UNIVERSALK9-M), Version 17.4.1a, RELEASE SOFTWARE (fc4)
=================================================================================
RTR(config-if)#cts manual
RTR(config-if-cts-manual)#?
CTS manual configuration commands:
default Set a command to its defaults
exit Exit from CTS manual sub mode
no Negate a command or set its defaults
policy CTS policy for manual mode
propagate CTS SGT Propagation configuration for manual mode
RTR(config-if-cts-manual)#default ?
policy CTS policy for manual mode
propagate CTS SGT Propagation configuration for manual mode
RTR(config-if-cts-manual)#default policy ?
static Configure policy to be applied on the link
RTR(config-if-cts-manual)#default propagate ?
sgt CTS SGT Propagation configuration
R06_RTR(config-if-cts-manual)#policy ?
static Configure policy to be applied on the link
R06_RTR(config-if-cts-manual)#policy static ?
sgt Source Security Group Tag to apply to untagged or non-trusted incoming traffic
R06_RTR(config-if-cts-manual)#propagate ?
sgt CTS SGT Propagation configuration
R06_RTR(config-if-cts-manual)#propagate
Regards,
Desmond
04-20-2022 07:29 PM
I moved this post to the routing forum from the NAC community as the topic is not related to ISE.