11-14-2017 05:45 AM - edited 03-08-2019 12:44 PM
Hi All,
I'm migrating a 3750 switch to a 3850. On the 3750 macsec is configured.
cts manual
no propagate sgt
sap pmk 0 <pasw> mode-list gcm-encrypt
But this command does not seem to exist in my 3850.
(config-if-cts-manual)#sap pmk 0 pw mode-list ?
no-encap No encapsulation
gmc-encrypt is not available. I have found this information...
If the interface is not capable of data link encryption, no-encap is the default and the only available SAP operating mode. SGT is not supported.
What is a data link encryption capable interface?
Thanks,
J.
Solved! Go to Solution.
11-23-2017 12:27 AM
Thanks Austin,
The softwareversion needed to be higher than 3.7.
Now the commands are available.
Br,
J
11-14-2017 06:23 AM
It's supported on 3850 as long as you have IOS XE 3.7E and later.
Example:
sap pmk key [mode-list mode1 [mode2 [mode3 [mode4]]]]
Switch# configure terminal
Switch(config)# interface tengiigabitethernet 1/1/2
Switch(config-if)# cts manual
Switch(config-if-cts-manual)# sap pmk 1234abcdef mode-list gcm-encrypt null no-encap
Switch(config-if-cts-manual)# no propagate sgt
Switch(config-if-cts-manual)# exit
Switch(config-if)# end
I hope this helps and good luck.
-Austin
11-23-2017 12:27 AM
Thanks Austin,
The softwareversion needed to be higher than 3.7.
Now the commands are available.
Br,
J
11-30-2017 08:08 AM
Great. Please don't forget to rate helpful answers to benefit others. Thank you.
-Austin
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide