Cisco Bug: CSCuo57613 - MACsec does not work with "rate-mode dedicated force" configured

Last Modified

Nov 27, 2020

Products (8)

  • CiscoPro Workgroup EtherSwitch Software
  • Cisco Nexus 7000 10-Slot Switch
  • Cisco Nexus 7000 4-Slot Switch
  • Cisco Nexus 7700 6-Slot Switch
  • Cisco Nexus 7700 18-Slot Switch
  • Cisco Nexus 7000 18-Slot Switch
  • Cisco Nexus 7000 9-Slot Switch
  • Cisco Nexus 7700 10-Slot Switch

Known Affected Releases

6.2(6)

Description (partial)

Symptom:
The issue was observed on the 10G interface (N7K-M148GS-11) with the rate-mode dedicated force command enabled.
The MACsec tunnel does not come up with the following configuration on the interface.

interface Ethernet4/1
  cts manual
    no propagate-sgt
    sap pmk 0000000000000000000000000000000000000000123456781234567812345678
  ip address 192.168.1.2/24
  no shutdown

Conditions:
When MACsec is enabled in manual mode between two L3 data center links, it does not come up when the 'rate-mode dedicated force' command is enabled on the interface. The switch is running software version 6.2.6.

n7k-2(config-if)# do sh cts interface eth 4/1
CTS Information for Interface Ethernet4/1:
    CTS is enabled, mode:   CTS_MODE_MANUAL
    IFC state:              Unknown
    Authentication Status:  CTS_AUTHC_INIT
      Peer Identity:
      Peer is:              Unknown in manual mode
      802.1X role:          CTS_ROLE_UNKNOWN
      Last Re-Authentication:
    Authorization Status:   CTS_AUTHZ_INIT
      PEER SGT:             0
      Peer SGT assignment:  Not Trusted
    SAP Status:             CTS_SAP_INIT
      Version:
      Configured pairwise ciphers:
      Replay protection:
      Replay protection mode:
      Selected cipher:
    Propagate SGT: Disabled

Topology : 7k 4/1   .1----192.168.1.0/24----.2  4/1 7k

n7k-2# sh module
Mod  Ports  Module-Type                         Model              Status
---  -----  ----------------------------------- ------------------ ----------
3    48     1000 Mbps Optical Ethernet Module   N7K-M148GS-11      ok
4    32     10 Gbps Ethernet Module             N7K-M132XP-12      ok
5    0      Supervisor Module-2                 N7K-SUP2E          active *

Mod  Sw              Hw
---  --------------  ------
3    6.2(6)          1.2     
4    6.2(6)          1.4     
5    6.2(6)          1.0     
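
The check below is an added example, not part of the Cisco bug record: it parses 'show cts interface' output together with the interface configuration and flags manual-mode CTS ports whose SAP negotiation is still in the INIT state shown above, noting whether 'rate-mode dedicated force' is present. The sample inputs are constructed from the output on this page, the PMK is a placeholder, and the function names are hypothetical.

```python
import re

# Constructed samples modelled on the output above; the PMK is a placeholder.
SHOW_CTS = """\
CTS Information for Interface Ethernet4/1:
    CTS is enabled, mode:   CTS_MODE_MANUAL
    Authentication Status:  CTS_AUTHC_INIT
    SAP Status:             CTS_SAP_INIT
      Selected cipher:
"""
RUNNING_CONFIG = """\
interface Ethernet4/1
  rate-mode dedicated force
  cts manual
    no propagate-sgt
    sap pmk <placeholder>
  no shutdown
"""

def parse_cts(text):
    """Map interface -> {field: value} from 'show cts interface' output."""
    result, current = {}, None
    for line in text.splitlines():
        header = re.match(r"CTS Information for Interface (\S+):", line)
        if header:
            current = result.setdefault(header.group(1), {})
        elif current is not None and ":" in line:
            key, _, value = line.partition(":")
            current[key.strip()] = value.strip()
    return result

def parse_config(text):
    """Map interface -> list of stripped config lines in its stanza."""
    stanzas, current = {}, None
    for line in text.splitlines():
        if line.startswith("interface "):
            current = stanzas.setdefault(line.split()[1], [])
        elif current is not None and line.startswith(" "):
            current.append(line.strip())
    return stanzas

def macsec_stuck(cts_text, config_text):
    """Return (interface, has_rate_mode_force) for SAP sessions stuck in INIT."""
    config, findings = parse_config(config_text), []
    for ifname, f in parse_cts(cts_text).items():
        lines = config.get(ifname, [])
        stuck = (f.get("CTS is enabled, mode") == "CTS_MODE_MANUAL"
                 and f.get("SAP Status") == "CTS_SAP_INIT"
                 and not f.get("Selected cipher"))
        if stuck and any(l.startswith("sap pmk") for l in lines):
            findings.append((ifname, "rate-mode dedicated force" in lines))
    return findings
```

A result of (interface, True) marks a port that matches the conditions in this bug; (interface, False) marks a stuck SAP session that needs a different explanation.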
