2-38
Catalyst 3750-X and 3560-X Switch Command Reference
OL-29704-01
Chapter 2 Catalyst 3750-X and 3560-X Switch Cisco IOS Commands
authentication linksec policy
authentication linksec policy
To set the static selection of a link-security policy, use the authentication linksec policy interface
configuration command. To return to the default state, use the no form of this command.
authentication linksec policy {must-not-secure | must-secure | should-secure}
no authentication linksec policy
Syntax Description
Defaults The default is to support a link security policy of should secure.
Command Modes MKA policy configuration
Command History
Usage Guidelines The linksec policy might change after a successful reauthentication started by a local timer or a change
of authorization (CoA) reauthenticate command. If the policy changes from must-not-secure to
must-secure after a reauthentication, the system attempts to secure the session. If the MACsec key does
not renegotiate a MACsec connection after a reauthentication, the session is terminated, and all local
states are removed.
A per-user policy received after authentication overrides the interface configuration policy.
Examples This example configures the interface to always secure MACsec sessions:
Switch(config)# interface gigabitethernet1/0/3
Switch(config-if)# authentication linksec policy must-secure
Switch(config-if)# end
You can verify your setting by entering the show authentication sessions privileged EXEC command.
Related Commands
must-not-secure Establishes the host session without Media Access Control Security
(MACsec). Never secures the sessions.
must-secure Secures the session with MACsec. Always secures the sessions.
should-secure Optionally secures the session with MACsec.
Release Modification
12.2(53)SE2 This command was introduced.
Command Description
show authentication sessions Displays information about authentication events on the switch.
To Next Page
Loading...
Need help?
General