| Download this chapter Configuring Data Encryption FeedbackContents - Configuring Data Encryption
- Finding Feature Information
- Prerequisites for Configuring Data Encryption
- Restrictions for Configuring Data Encryption
- Information About Data Encryption
- How to Configure Data Encryption
- Configuring Data Encryption (CLI)
- Configuring Data Encryption (GUI)
- Configuration Examples for Configuring Data Encryption
- Displaying Data Encryption States for all Access Points: Examples
Finding Feature Information Your software release may not support all of the features documented in this module. For the latest feature information and caveats, see the release notes for your platform and software release. Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. An account on Cisco.com is not required. Prerequisites for Configuring Data Encryption - Cisco 1260, 3500, 3600, 801, 1140, 1310, and 1520 series access points support Datagram Transport Layer Security (DTLS) data encryption.
- You can use the switch to enable or disable DTLS data encryption for a specific access point or for all access points.
- Non-Russian customers who use the Cisco switch do not need a data DTLS license.
Restrictions for Configuring Data Encryption - Encryption limits throughput at both the switch and the access point, and maximum throughput is desired for most enterprise networks.
- If your switch does not have a data DTLS license and if the access point associated with the switch has DTLS enabled, the data path will be unencrypted.
- In images that do not have a DTLS license, the DTLS commands are not available.
Information About Data EncryptionThe switch enables you to encrypt Control and Provisioning of Wireless Access Points (CAPWAP) control packets (and optionally, CAPWAP data packets) that are sent between the access point and the switch using DTLS. DTLS is a standards-track Internet Engineering Task Force (IETF) protocol based on TLS. CAPWAP control packets are management packets exchanged between a switch and an access point while CAPWAP data packets encapsulate forwarded wireless frames. CAPWAP control and data packets are sent over separate UDP ports: 5246 (control) and 5247 (data). If an access point does not support DTLS data encryption, DTLS is enabled only for the control plane, and a DTLS session for the data plane is not established. How to Configure Data EncryptionConfiguring Data Encryption (CLI)SUMMARY STEPS 1. configure terminal
2. ap link-encryption
3. end
4. show ap link-encryption
5. show wireless dtls connections
DETAILED STEPS | Command or Action | Purpose |
---|
Step1 | configure terminal Example: Switch# configure terminal | Enters global configuration mode. | Step2 | ap link-encryption Example: Switch(config)# ap link-encryption | Enables data encryption for all access points or a specific access point by entering this command. The default value is disabled. Changing the data encryption mode requires the access points to rejoin the switch. | Step3 | end Example: Switch(config)# end | Returns to privileged EXEC mode. Alternatively, you can also press Ctrl-Z to exit global configuration mode. | Step4 | show ap link-encryption Example: Switch# show ap link-encryption | Displays the encryption state of all access points or a specific access point. This command also shows authentication errors, which track the number of integrity check failures and replay errors. Relay errors help in tracking the number of times the access point receives the same packet. | Step5 | show wireless dtls connections Example: Switch# show wireless dtls connections | Displays a summary of all active DTLS connections. Note | If you experience any problems with DTLS data encryption, enter the debug dtls ap {all | event | trace} command to debug all DTLS messages, events, or traces. | |
Configuring Data Encryption (GUI)Step1 | Choose Configuration > Wireless > Access Points > All APs. The All APs page is displayed. | Step2 | Click the name of the access point for which you want to enable data encryption. The AP > Edit page is displayed. | Step3 | Click the Advanced tab. | Step4 | Select or unselect the Data Encryption check box. Note | Changing the data encryption mode requires the access points to reassociate with the switch. |
| Step5 | Click Apply. | Step6 | Click Save Configuration. |
Configuration Examples for Configuring Data EncryptionDisplaying Data Encryption States for all Access Points: Examples This example shows how to display the encryption state of all access points or a specific access point. This command also shows authentication errors, which track the number of integrity check failures and replay errors. Relay errors help in tracking the number of times the access point receives the same packet: Switch# show ap link-encryption Encryption Dnstream Upstream LastAP Name State Count Count Update------------------ ---------- -------- -------- ------3602a Enabled 0 0 Never This example shows how to display a summary of all active DTLS connections: Switch# show wireless dtls connectionsAP Name Local Port Peer IP Peer Port Ciphersuite--------------- ------------ ------------- ---------- --------------------3602a Capwap_Ctrl 10.10.21.213 46075 TLS_RSA_WITH_AES_128_CBC_SHA3602a Capwap_Data 10.10.21.213 46075 TLS_RSA_WITH_AES_128_CBC_SHA
|
FAQs
Cisco 3850 as a Layer 3 Switch: Routing Capabilities
The Cisco 3850 is designed to provide high-performance switching and routing services in a single platform. As a Layer 3 switch, the Cisco 3850 operates at the network layer of the OSI model, which allows it to perform routing functions.
Is the Cisco 3850 end of life? ›
Cisco announces the End-of-sale and End-of-life dates for the Cisco Catalyst 3850 Series Switches. The last day to order the affected product(s) is September 5, 2023.
When you deploy Cisco Catalyst 3850 series switches which two modes of operation can you choose from? ›
There are 2 methods of booting and running IOS XE software in 3850 switch/stack. By default, the switches are shipped in Install mode. Bundle mode: Bundle mode is where we boot the switch/stack using the . bin file.
What is the ACL limit for Cisco 3850? ›
The Catalyst 3850 Data Sheet suggests that 3,000 security ACL entries are supported.
What replaced the Cisco 3850? ›
The Cisco Catalyst 9300 Series switches are the recommended replacement for the Cisco Catalyst 3850 switches. The Catalyst 9300 Series switches offer improved performance, enhanced security features, and increased scalability, making them a suitable choice for modern network infrastructure.
How old is the Cisco 3850? ›
Cisco Catalyst 3850 Series Switches
Product Type | Campus LAN Switches - Access |
---|
Series Release Date | 10-JAN-2013 |
End-of-Sale Date | 30-APR-2022 |
End-of-Support Date | 30-APR-2027 |
Diagram | Visio Stencil (8 MB .zip file) |
3 more rows
How many Cisco 3850 switches can be stacked? ›
Up to four switches can be configured in a StackPower stack using the StackPower cable. For more information about StackPower, see the Interface and Hardware Component Configuration Guide (Catalyst 3850 Switches) .
What is the lifespan of a Cisco switch? ›
I'd say most hardware should be refreshed or replaced every 3-5 years, due to product updates, new vulnerabilities, security, industry standards, and a plethora of other variables. By 5 years you should have it replaced just as any other equipment.
What power does a Cisco 3850 need? ›
The power consumption of the Cisco Catalyst 3850 switches ranges from approximately 50 watts to 1100 watts, depending on the model and the number of installed modules or power supplies. The power supplies available for the Cisco Catalyst 3850 series include 350WAC, 715WAC, 1100WAC, and 440WDC options.
What is the difference between Cisco Catalyst 2960 switch and Cisco Catalyst 3560 switch? ›
2960 are L2 switches (only capable of switching). 3560's are L3 switches (does routing as well). 3560 are no longer supported by Cisco, so consider 3760's. What's the diference between Cisco Catalyst 3560-X series and 3650 series?
The Bundle mode uses the monolithic Cisco IOS images to boot a switch. This mode will use more RAM memory than the Install mode since the packages are extracted from the bundle and copied to RAM during bootup.
What is the throughput of Catalyst 3850? ›
Each 48-port Cisco Catalyst 3850 provides 40 Gbps of wireless throughput (20 Gbps on the 24-port model). This wireless capacity increases with the number of members in the stack.
What is the maximum MTU size for a Cisco 3850? ›
The range is from 1500 to 9198 bytes. Use the ip mtu bytes command. The range is from 832 up to 1500 bytes. The IP MTU value is the applied value, not the configured value.
What is the maximum port channel for a Cisco 3850? ›
The maximum port channel for a Cisco 3850 switch is 48. This means that you can create up to 48 port channels on a Cisco 3850 switch to aggregate multiple physical interfaces into a single logical channel for increased bandwidth and redundancy.
What is the span session limit for a Cisco 3850? ›
On each switch, you can configure a maximum of 8 source sessions and 58 RSPAN destination sessions. A source session is either a local SPAN session or an RSPAN source session.
Is a Cisco switch also a router? ›
1. A Cisco router connects different networks together whereas, a switch connects multiple devices together to create a network. 2. Routers work on the Physical layer; Data link layer and the Network layer whereas Switches, as well as advanced switches, work on the Data link layer and the Network layer too.
Is a Cisco 3850 L2 or L3? ›
The Catalyst 3850 switch can act as an L2 device with the disablement of IP routing. In order to make the switch function as an L3 device and provide Inter VLAN routing, make sure that ip routing is enabled globally. These are the three VLANs defined by the user: VLAN 2 — User-VLAN.
What is the name of the Cisco operating system on a router or switch? ›
Cisco IOS (Cisco Internetwork Operating System)
What is Cisco routing and switching? ›
CCNA Routing and Switching provides comprehensive coverage of networking topics, from fundamentals to advanced applications and services, with opportunities for hands-on practical experience and career skills development. Cisco Certifications.