Cisco TrustSec Configuration Manual page 109

Chapter 7
Cisco TrustSec Command Summary
cts rekey
To regenerate the Pairwise Master Key used by the Security Association Protocol (SAP), use the
cts rekey privileged EXEC command.

cts rekey interface type slot/port

Syntax Description
interface type slot/port    Specifies the CTS interface on which to regenerate the SAP key.
Defaults
There is no default value.
Command Modes
Privileged EXEC (#)
Supported User Roles
Administrator
Command History
Release             Modification
12.2(50) SY         This command was introduced on the Catalyst 6500 Series Switches.
IOS-XE 3.3.0 SG     This command was introduced on the Catalyst 4500 Series Switches.
IOS 15.0(1) SE      This command was introduced on the Catalyst 3000 Series Switches.

Usage Guidelines
SAP Pairwise Master Key (PMK) refresh ordinarily occurs automatically, triggered by
combinations of network events and non-configurable internal timers related to Dot1X authentication.
The ability to manually refresh encryption keys is often part of network administration security
requirements. To manually force a PMK refresh, use the cts rekey command.
TrustSec supports a manual configuration mode where Dot1X authentication is not required to create
link-to-link encryption between switches. In this case, the PMK is manually configured on the devices at
both ends of the link with the sap pmk CTS manual interface configuration command.

Examples
The following example regenerates the PMK on the specified interface.
switch# cts rekey interface gigabitEthernet 2/1
switch#

Cisco TrustSec Configuration Guide, OL-22192-01
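The manual mode described under Usage Guidelines, as an added example that is not taken from the Cisco guide: both ends of one link are given the same PMK with sap pmk, followed by a status check and the cts rekey command from this page. The hostnames, interface numbers, the gcm-encrypt mode-list choice and the <PMK-HEX> placeholder are assumptions.

```cisco
! Constructed example: manual-mode SAP on both ends of a single link.
! <PMK-HEX> is a placeholder for the shared key, entered as a hex string.
! The same value must be configured on both switches.

! --- Switch A, port facing Switch B ---
SwitchA# configure terminal
SwitchA(config)# interface gigabitEthernet 2/1
SwitchA(config-if)# cts manual
SwitchA(config-if-cts-manual)# sap pmk <PMK-HEX> mode-list gcm-encrypt
SwitchA(config-if-cts-manual)# end

! --- Switch B, port facing Switch A ---
SwitchB# configure terminal
SwitchB(config)# interface gigabitEthernet 2/1
SwitchB(config-if)# cts manual
SwitchB(config-if-cts-manual)# sap pmk <PMK-HEX> mode-list gcm-encrypt
SwitchB(config-if-cts-manual)# end

! --- Check the SAP state on the link, then force a manual key refresh ---
SwitchA# show cts interface gigabitEthernet 2/1
SwitchA# cts rekey interface gigabitEthernet 2/1
SwitchA# show cts interface gigabitEthernet 2/1
```

Because the PMK appears in the configuration on both devices, treat saved configurations and backups of these switches as key material.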
