MACSec Key Agreement Policy Configuration for User-Facing Cisco Catalyst Switch Ports



Question

Which additional configuration component is required to implement a MACSec Key Agreement policy on user-facing Cisco Catalyst switch ports?

Answers

Explanations


A. B. C. D. E.

E.

To implement MACSec (Media Access Control Security) on user-facing Cisco Catalyst switch ports, the following configuration components are required:

  1. MACSec Key Agreement Policy: A Key Agreement Policy defines how the keys will be exchanged between two MACSec-capable devices before they can communicate securely.

  2. MACSec Cipher Suite: A Cipher Suite defines the cryptographic algorithms used for encryption and authentication in the MACSec process.

  3. Port configuration: Configuring MACSec on a port requires enabling the MACSec feature, specifying the MACSec Cipher Suite, and enabling the MACSec policy on the port.

  4. MACSec Key Server: A Key Server is required to distribute keys to the MACSec-enabled devices.

Out of the given options, the most appropriate additional configuration component required to implement a MACSec Key Agreement policy on user-facing Cisco Catalyst switch ports is "A. PKI" (Public Key Infrastructure).

PKI is a set of hardware, software, policies, and procedures required to create, manage, distribute, use, store, and revoke digital certificates and manage public-key encryption. PKI provides the necessary infrastructure to generate and distribute digital certificates to the MACSec-enabled devices for secure communication. The devices use these digital certificates to authenticate each other before exchanging the keys.

Therefore, PKI is required to implement a MACSec Key Agreement policy on user-facing Cisco Catalyst switch ports.

The other options mentioned in the answer choices are not related to the configuration of MACSec on Cisco Catalyst switch ports.

  • TACACS+ (Terminal Access Controller Access-Control System Plus) is a protocol used for AAA (Authentication, Authorization, and Accounting) services.

  • Multi-auth host mode is a port security mode used to allow multiple hosts to connect to a single switch port.

  • Port security is a feature used to limit access to the network by allowing only specified MAC addresses to communicate on a specific port.

  • 802.1x is a protocol used for port-based network access control.