Authentication Linksec Policy - Cisco Catalyst 3560X-24P Command Reference Manual

Chapter 2 Catalyst 3750-X and 3560-X Switch Cisco IOS Commands

authentication linksec policy

To set the static selection of a link-security policy, use the authentication linksec policy interface
configuration command. To return to the default state, use the no form of this command.
Syntax Description
must-not-secure
must-secure
should-secure
Defaults The default is to support a link security policy of should secure.
Command Modes
MKA policy configuration
Command History Release
12.2(53)SE2
Usage Guidelines The linksec policy might change after a successful reauthentication started by a local timer or a change
of authorization (CoA) reauthenticate command. If the policy changes from must-not-secure to
must-secure after a reauthentication, the system attempts to secure the session. If the MACsec key does
not renegotiate a MACsec connection after a reauthentication, the session is terminated, and all local
states are removed.
A per-user policy received after authentication overrides the interface configuration policy.
Examples This example configures the interface to always secure MACsec sessions:
Switch(config)# interface gigabitethernet1/0/3
Switch(config-if)# authentication linksec policy must-secure
Switch(config-if)# end
You can verify your setting by entering the show authentication sessions privileged EXEC command.
Related Commands Command
show authentication sessions
OL-21522-02
authentication linksec policy {must-not-secure | must-secure | should-secure}
no authentication linksec policy
Establishes the host session without Media Access Control Security
(MACsec). Never secures the sessions.
Secures the session with MACsec. Always secures the sessions.
Optionally secures the session with MACsec.
Modification
This command was introduced.
Description
Displays information about authentication events on the switch.
Catalyst 3750-X and 3560-X Switch Command Reference
authentication linksec policy
2-35