[c-nsp] NX-OS - Cisco TrustSec
Lincoln Dale
ltd at cisco.com
Tue May 11 19:43:12 EDT 2010
On 11/05/2010, at 2:12 PM, Manu Chao wrote:
> I need to encrypt L2 traffic over a MAN between 2 Nexus 7K. The feature CTS
> seems to be the right feature to use with 802.1x. Correct?
>
> Question is could we have a local authentication/authorization instead of
> classical Radius/ACS query/reply since it is used only for Cisco
> point-to-point backbone link?
if you wish to use link-layer security note that you don't have to use AAA based authentication for the key exchange, you can configure it manually if you wish.

both ends of the link need the same 'sap pmk' configured, configuration would simply be something like:

feature dot1x
feature cts
!
interface ethX/Y
  description MAN link
  cts manual
    no propagate-sgt
    sap pmk abcde12345000000000000000000000000000000000000000000000000000000
  no shutdown

the 'sap pmk' is the pairwise master key (32 bytes hex string = 128 bits).
cheers,
lincoln.
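
One way to check the requirement above that both ends carry the same 'sap pmk', as an added example that is not part of the original post and not Cisco tooling: it reads the two saved configs and reports a missing, malformed, padded or mismatched key. The 64-hex-digit length, the padding heuristic, the interface names and the sample configs are assumptions of this example.

```python
import re
import secrets

PMK_HEX_LEN = 64  # assumption: 32-byte key written as 64 hex digits

def extract_pmks(config):
    """Map interface name -> 'sap pmk' value found under 'cts manual'."""
    pmks, iface, manual = {}, None, False
    for raw in config.splitlines():
        line = raw.strip()
        if line.lower().startswith("interface "):
            iface, manual = line.split(None, 1)[1], False
        elif not raw[:1].isspace():      # unindented line ends the interface block
            iface, manual = None, False
        elif line == "cts manual":
            manual = True
        elif iface and manual and (m := re.fullmatch(r"sap pmk (\S+)", line)):
            pmks[iface] = m.group(1)
    return pmks

def audit_link(cfg_a, if_a, cfg_b, if_b):
    """Return findings for one point-to-point link; an empty list means OK."""
    findings = []
    key_a = extract_pmks(cfg_a).get(if_a)
    key_b = extract_pmks(cfg_b).get(if_b)
    for side, key in (("A", key_a), ("B", key_b)):
        if key is None:
            findings.append(f"{side}: no 'sap pmk' under 'cts manual'")
        elif not re.fullmatch(r"[0-9a-fA-F]+", key) or len(key) != PMK_HEX_LEN:
            findings.append(f"{side}: key is not {PMK_HEX_LEN} hex digits")
        elif len(set(bytes.fromhex(key))) < 16:
            # Heuristic (assumption): a random 32-byte key has ~30 distinct bytes.
            findings.append(f"{side}: key looks padded or hand-typed, not random")
    if key_a and key_b and key_a.lower() != key_b.lower():
        findings.append("PMK mismatch between the two ends")
    return findings

def new_pmk():
    """Generate a random 32-byte PMK as 64 hex digits."""
    return secrets.token_hex(32)

def sample_config(iface, pmk):
    """Constructed config for one end of the link (not from a real device)."""
    return (f"feature dot1x\nfeature cts\ninterface {iface}\n"
            f"  description MAN link\n  cts manual\n    no propagate-sgt\n"
            f"    sap pmk {pmk}\n  no shutdown\n")
```
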