Solved: TrustSec on WS-C3850-24T

Morpheus80 · ‎11-13-2014

Hi,

I want do configure a switch-to-switch link security. (manual mode) on a Cisco 3850 IP-Base.

But under "sap .. mode-list" the only entry is: no-encap

I need gcm-encrypt but this option is not displayed.

SW Version: 03.06.00E

SW Image: cat3k_caa-universalk9

License Level: Ipbase

Model: WS-C3850-24T

What could be the problem?

Best Regards

Karsten Iwen · ‎11-13-2014

The 3850 hardware is capable of MACSec, but it's not yet implemented in the software:

This is from the 3850 Q&A:

Q. What about service modules for the Cisco Catalyst 3850?

A. There are no service modules for the Cisco Catalyst 3850. Features supported through the service module in the 3750-X (including Flexible NetFlow and MACsec ^*) are natively supported by the Cisco Catalyst 3850.

^* MACsec software support might be added later as part of a software update.

View solution in original post

Karsten Iwen · ‎11-13-2014

The 3850 hardware is capable of MACSec, but it's not yet implemented in the software:

This is from the 3850 Q&A:

Q. What about service modules for the Cisco Catalyst 3850?

A. There are no service modules for the Cisco Catalyst 3850. Features supported through the service module in the 3750-X (including Flexible NetFlow and MACsec ^*) are natively supported by the Cisco Catalyst 3850.

^* MACsec software support might be added later as part of a software update.

Milan Mitic · ‎09-22-2016

There is a MACsec feature on 3850 series switches but you are going to need at least 03.07.xxE IOS code. Please update IOS image and you will find gmac, gcm-encrypt and null options under sap mode-list.