Solved: Re: Cisco 9300L macsec config

fractal90 · ‎02-07-2022

I want to config macsec between two 9300L, but when i started to config i noticed:

they don't have this command

9300_stack#show run interface gig 1/0/1
interface GigabitEthernet1/0/1
description MACSEC_manual_3850-2-gi1/0/1
switchport access vlan 10
switchport mode trunk
cts manual 
    no propagate sgt
    sap pmk AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA mode-list gcm-encrypt

Switch Ports Model              SW Version        SW Image              Mode
------ ----- -----              ----------        ----------            ----
*    1 29    C9300L-24P-4X      16.12.3a          CAT9K_IOSXE           INSTALL

fractal90 · ‎02-07-2022

it was a bug, i've updated to 16.12.04 and it's help

View solution in original post

marce1000 · ‎02-07-2022

>....they don't have this command

I don't understand, could you post config command as tried (exactly) , including returned error.

M.

-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

fractal90 · ‎02-07-2022

it doesn't sap

switch(config)#int te 1/1/4
switch(config-if)#ct
switch(config-if)#cts ma
switch(config-if)#cts manual
switch(config-if-cts-manual)#?
CTS manual configuration commands:
  default    Set a command to its defaults
  encrypt    Pause frame encryption configuration for manual mode
  exit       Exit from CTS manual sub mode
  no         Negate a command or set its defaults
  propagate  CTS SGT Propagation configuration for manual mode

switch(config-if-cts-manual)#sap ?
% Unrecognized command
switch(config-if-cts-manual)#sap ?
% Unrecognized command
switch(config-if-cts-manual)#sap
                                        ^
% Invalid input detected at '^' marker.

fractal90 · ‎02-07-2022

it was a bug, i've updated to 16.12.04 and it's help