Cisco WS-C3550-12G Switch Guide - Page 185

MACsec

Page 185 highlights

Software Features

MACsec

The Cisco Catalyst 3750-X Series Switches offer exceptional security with integrated hardware support for MACsec, defined in IEEE 802.1AE. MACsec provides MAC layer encryption over wired networks using out-of-band methods for encryption keying. The MACsec Key Agreement (MKA) protocol provides the required session keys and manages the keys required for encryption when configured. MKA and MACsec are implemented following successful authentication using the 802.1X Extensible Authentication Protocol (EAP) framework.

In Cisco Catalyst 3750-X and 3560-X Series Switches, both the user/downlink ports (links between the switch and endpoint devices such as a PC or IP phone) and, using the service module, the network/uplink ports can be secured using MACsec. With the service module you can encrypt switch-to-switch links such as access to distribution, or encrypt dark fiber links within a building or between buildings.

The three feature sets available with all Cisco Catalyst 3750-X Series Switches are:

• LAN Base: Enhanced Intelligent Services
• IP Base: Baseline Enterprise Services
• IP Services: Enterprise Services

The LAN Base feature set offers enhanced intelligent services that include comprehensive Layer 2 features, with up to 255 VLANs. The IP Base feature set provides baseline enterprise services in addition to all LAN Base features, with 1K VLANs. IP Base also includes support for routed access, StackPower (available only on the Catalyst 3750-X), MACsec, and the new Cisco Service Module. The IP Services feature set provides full enterprise services that include advanced Layer 3 features such as Enhanced Interior Gateway Routing Protocol (EIGRP), Open Shortest Path First (OSPF), Border Gateway Protocol (BGP), Protocol Independent Multicast (PIM), and IPv6 routing such as OSPFv3 and EIGRPv6. All software feature sets support advanced security, QoS, and management features.

The Cisco Catalyst 3750-X Series Switches with the LAN Base feature set can only stack with other Cisco Catalyst 3750-X Series LAN Base switches. A mixed stack of LAN Base switches with the IP Base or IP Services feature set is not supported.

Customers can transparently upgrade the software feature set in the Cisco Catalyst 3750-X Series Switches through Cisco IOS® Software activation. Software activation authorizes and enables the Cisco IOS Software feature sets. A special file contained in the switch, called a license file, is examined by Cisco IOS Software when the switch is powered on. Based on the license's type, Cisco IOS Software activates the appropriate feature set. License types can be changed, or upgraded, to activate a different feature set. For detailed information about Software Activation, visit http://www.cisco.com/go/sa.
