Upgrading the firmware on a Cisco MDS switch involves using two specific image files: the (e.g., m9100-s3ek9-mz.X.X.X.bin ) and the kickstart image (e.g., m9100-s3ek9-kickstart-mz.X.X.X.bin ). 1. Pre-Upgrade Verification
For engineers who will be deploying this card, here is a conceptual example of enabling MACsec on one of the ’s ports: m9100-s3ek9
! Enable MACsec on interface GigabitEthernet 0/0/1 (first port of the line card) conf t interface GigabitEthernet 0/0/1 macsec macsec key-server mka policy my-policy macsec replay-protection window-size 64 no shutdown ! ! Configure an MKA (MACsec Key Agreement) keychain key chain macsec-keys macsec key 1 cryptographic-algorithm gcm-aes-256 key-string 0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF ! ! Apply an ACL to classify which traffic to encrypt (optional) ip access-list extended ENCRYPT-ME permit ip any any Upgrading the firmware on a Cisco MDS switch
: Use the MD5 checksum to ensure the downloaded files are not corrupted: show version image bootflash:///m9100-s3ek9-mz. .bin 2. Impact Analysis Enable MACsec on interface GigabitEthernet 0/0/1 (first port