
TrustSec Security

Aaron O'Hare

I am attempting to configure manual (without ACS) TrustSec between a 3560cx and 3850 over a fiber trunk port; however, none of the normal cts commands appear to be recognized on either platform, nor do mka commands appear to be recognized. It's been a while since I've worked with TrustSec, and mostly on chassis systems, so I must be missing something but I'm not sure what. Any suggestions or any config guides you can point me to?

Accepted Solution

Hi Aaron,

Trying to accomplish the same here. Our 3850s came with version 03.02, but it is from 03.03 and up where it is possible to enter cts commands. Furthermore, you need a service module in your switches (for switch-to-switch encryption) and have the IPBASE image installed. I have a network module delivered, so not sure if that will do me good. It also seems that you need SFP+ transceivers for this.

I'm now struggling with assigning an encryption mode-list on a sap pmk key. The only option is no-encap, which could mean that the interface is not capable of doing encryption.

TrustSec Config Guide:

http://www.cisco.com/c/en/us/td/docs/switches/lan/trustsec/configuration/guide/trustsec.pdf

Nice presentation on TrustSec:

http://ftp.cisco.cz/Seminare/2013-ConnectClub/2013-10-24-CC-TrustSec-JiriTesar.pdf

Hope this helps you further.

Found out that from version 03.07 you are able to get all options in the mode-list. So if you want point-to-point encryption on your links, upgrade to version 03.07.
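An added example, not part of the original thread or any poster's code: a small audit that reads a saved running-config and reports, for each interface with a `cts manual` block, whether its `sap pmk ... mode-list` actually requires encryption or still permits `no-encap` or another non-encrypting mode. The sample config is constructed, the interface names and the all-zero PMK are placeholders, and the `cts manual` / `sap pmk <key> mode-list <modes>` layout and the `gcm-encrypt`, `gmac` and `null` keywords are assumed from Cisco's TrustSec documentation rather than taken from the thread.

```python
import re

# Constructed sample running-config; interface names and the PMK are placeholders.
SAMPLE_CONFIG = """\
interface TenGigabitEthernet1/1/1
 switchport mode trunk
 cts manual
  sap pmk 00000000000000000000000000000000 mode-list no-encap
!
interface TenGigabitEthernet1/1/2
 switchport mode trunk
 cts manual
  sap pmk 00000000000000000000000000000000 mode-list gcm-encrypt
!
interface TenGigabitEthernet1/1/3
 switchport mode trunk
 cts manual
  sap pmk 00000000000000000000000000000000 mode-list gcm-encrypt null
!
interface TenGigabitEthernet1/1/4
 switchport mode trunk
"""

# Assumption: gcm-encrypt is the only SAP mode that encrypts the payload
# (gmac authenticates only; null and no-encap apply no protection).
ENCRYPTING = {"gcm-encrypt"}

def audit_sap(config):
    """Return {interface: finding} for every interface with a 'cts manual' block."""
    findings, iface, in_cts = {}, None, False
    for line in config.splitlines():
        header = re.match(r"interface (\S+)", line)  # top-level lines only
        if header:
            iface, in_cts = header.group(1), False
        elif iface and line.strip() == "cts manual":
            in_cts = True
            findings[iface] = "cts manual without sap: no link protection"
        elif in_cts and line.strip().startswith("sap pmk "):
            modes = line.split("mode-list", 1)[1].split() if "mode-list" in line else []
            weak = [mode for mode in modes if mode not in ENCRYPTING]
            if not modes:
                findings[iface] = "mode-list not set explicitly"
            elif len(weak) == len(modes):
                findings[iface] = "unencrypted: " + " ".join(weak)
            elif weak:
                findings[iface] = "non-encrypting mode allowed: " + " ".join(weak)
            else:
                findings[iface] = "ok"
    return findings
```

Run it over the config of both ends of the link: the negotiated mode has to be present in both mode-lists, so one side limited to `no-encap` leaves the trunk unencrypted.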
