Cts Manual - Cisco Catalyst 3650 series Command Reference Manual

cts manual

To manually enable an interface for Cisco TrustSec Security (CTS), use the cts manual command in interface
configuration mode.
cts manual
Syntax Description
This command has no arguments or keywords.
Command Default
Disabled
Command Modes
Interface configuration (config-if)
Command History
Release
Cisco IOS XE Denali 16.3.1
Cisco IOS XE Denali 16.2.1
Usage Guidelines
Use the cts manual command to enter the TrustSec manual interface configuration in which policies and the
Security Association Protocol (SAP) are configured on the link.
When cts manual command is configured, 802.1X authentication is not performed on the link. Use the policy
subcommand to define and apply policies on the link. By default no policy is applied. To configure MACsec
link-to-link encryption, the SAP negotiation parameters must be defined. By default SAP is not enabled. The
same SAP Pairwise master key (PMK) should be configured on both sides of the link (that is, a shared secret)
Examples The following example shows how to enter the Cisco TrustSec manual mode:
Switch# configure terminal
Switch(config)# interface gigabitethernet 0
Switch(config-if)# cts manual
Switch(config-if-cts-manual))#
The following example shows how to remove the CTS manual configuration from an interface:
Switch# configure terminal
Switch(config)# interface gigabitethernet 0
Switch(config-if)# no cts manual
Related Commands
Command
propagate sgt (cts manual)
Modification
This command was modified with additional options.
This command was introduced.
Description
Enables Security Group Tag (SGT) propagation at
Layer 2 on Cisco TrustSec Security (CTS) interfaces.
Command Reference, Cisco IOS XE Everest 16.5.1a (Catalyst 3650 Switches)
cts manual
729