cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
625
Views
5
Helpful
0
Replies

Trussec MacSec between 3850 and Catalyst 9300

Victor
Level 1
Level 1

Hello,

I have one 3850 running 03.07.04.E with TrustSec running with another 3850. I am trying to configure the same thing with Catalyst 9300 running 16.9.3.

 

3850(config-if-cts-manual)#do show run int Te2/1/4
Building configuration...

Current configuration : 273 bytes
!
interface TenGigabitEthernet2/1/4
description L2 EPL GTS DC dark
switchport trunk allowed vlan 2
switchport mode trunk
cts manual
no propagate sgt
sap pmk 00000000000000000000000000000000000000000000000000008A8B8C8D8E8A mode-list gcm-encrypt null no-encap
end

 

9300(config-if-cts-manual)#$ Interface TenGigabitEthernet2/1/7
Building configuration...

Current configuration : 241 bytes
!
interface TenGigabitEthernet2/1/7
switchport trunk allowed vlan 2
switchport mode trunk
cts manual
no propagate sgt
sap pmk 00000000000000000000000000000000000000000000000000008A8B8C8D8E8A mode-list gcm-encrypt null no-encap
end

 

On 3850 it seems fine (Te2/1/4 up up) but on 9300 the interface keeps flapping (Te2/1/7 up down) between administratively down, line protocol is down (disabled)and TenGigabitEthernet2/1/7 is up, line protocol is down (notconnect) 

 

I friend of mine told me he had the same problem with Cat 9300 - it doesn't know manual cts and I need to configure policy. Is that true?

I found two bugs (CSCvf66433 and CSCvi91730) but based on the software version I'm running not sure I'm hitting those.

Any suggestion is appreciated.
Thank you
0 Replies 0
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco