Which statement about the implementation of Cisco TrustSec on Cisco Nexus 7000 Series Switches is
true?
A.
While SGACL enforcement and SGT propagation are supported on the M and F modules, 802.1AE
(MACsec) support is available only on the M module.
B.
SGT Exchange Protocol is required to propagate the SGTs across F modules that lack hardware
support for Cisco TrustSec.
C.
AAA authentication and authorization is supported using TACACS or RADIUS to a Cisco Secure
Access Control Server.
D.
Both Cisco TrustSec and 802.1X can be configured on an F or M module interface.
Explanation:
The M-Series modules on the Nexus 7000 support 802.1AE MACSEC on all ports, including the new
M2-series modules. The F2e modules will have this feature enabled in the future.
It is important to note that because 802.1AE MACSEC is a link-level encryption, the two MACSECenabled endpoints, Nexus 7000 devices in our case, must be directly L2 adjacent. This means we
direct fiber connection or one facilitated with optical gear is required. MACSEC has integrity checks
for the frames and intermediate devices, like another switch, even at L2, will cause the integrity
checks to fail. In most cases, this means metro-Ethernet services or carrier-provided label switched
services will not work for a MACSEC connection.http://www.ciscopress.com/articles/article.asp?p=2065720