cipher-suite

描述

Within the MACsec policy context, configures one or more cipher suites to be used to generate the SAK (Secure Authentication Key) for when the switch is the key server. When multiple cipher suites are configured, the most secure cipher suite is considered first during negotiation.

The no form of this command (without theparameter) resets to the default of considering (during negotiation) all supported cipher suites while giving priority to the most secure suitegcm-aes-xpn-256. Include theparameter to disable a particular cipher suite.

Command context

config-macsec-policy

Parameters

Selects the cipher suite. Available cipher suites are:

• gcm-aes-128: aes - 128cryption with Galois/Counter mode.

• gcm-aes-256: AES-256 encryption with Galois/Counter mode.

• gcm-aes-xpn-128: aes - 128cryption with Galois/Counter mode and extended packet numbering.

• gcm-aes-xpn-256: aes - 128cryption with Galois/Counter mode and extended packet numbering. (The default and the most secure.)

权威

Administrators or local user group members with execution rights for this command.

Examples

Enabling a single cipher suite:

switch(config-macsec-policy)#cipher-suite gcm-aes-128

Enabling two cipher suites:

switch(config-macsec-policy)#cipher-suite gcm-aes-256 gcm-aes-xpn-256

Disabling a particular cipher suite:

switch(config-macsec-policy)#no cipher suite gcm-aes-128

Resetting to the default of considering all available cipher suites while giving priority togcm-aes-xpn-256:

switch(config-macsec-policy)#没有密码组合