Operate and maintain
Documents under this category provide functional descriptions and procedures for configuring, operating, and maintaining 7705 SAR software.
- Basic System Configuration Guide
  This guide provides an overview of the CLI and describes 7705 SAR boot options file (BOF) configuration, file system management, and basic system management such as node timing and synchronization.
- Interface Configuration Guide
  This guide describes the functionality of the 7705 SAR cards, modules, and ports and how to configure these components.
- MPLS Guide
  This guide describes how to configure MPLS, RSVP-TE, PCEP, and LDP protocols on the 7705 SAR.
- Quality of Service Guide
  This guide describes the Quality of Service (QoS) functionality provided by the 7705 SAR and how to configure and implement QoS on the router.
- Router Configuration Guide
  This guide describes how to configure logical IP routing interfaces, VRRP filtering, routing policies, and the cflowd tool on the 7705 SAR.
- Routing Protocols Guide
  This guide describes how to configure unicast routing protocols (OSFP, IS-IS, BGP, RIP) and multicast routing protocols (IGMP, MLD, PIM, MSDP) supported on the 7705 SAR.
- Services Guide
  This guide describes how to configure service parameters such as service access points (SAPs) and service destination points (SDPs), Layer 2 and Layer 3 services, security functions (IPSec), and encryption functions (NGE) on the 7705 SAR.
- System Management Guide
  This guide describes how to configure system security and access features, SNMP functionality, and event and accounting logs on the 7705 SAR.

MACsec key management modes

The following table describes the main key management modes in MACsec.

Table 1. MACsec key management modes
Keying	Description	7705 SAR support	Where used
Static SAK	Manually configures each node with a static security association key (SAK), SAM, or CLI		Switch to switch
Static CAK PRE SHARED KEY	Uses a dynamic MACsec key agreement (MKA) and a configured pre-shared key to drive the connectivity association key (CAK) The CAK encrypts the SAK between two peers and authenticates the peers.	✓	Switch to switch
Dynamic CAK EAP authentication	Uses a dynamic MKA and an EAP master system key (MSK) to drive the CAK The CAK encrypts the SAK between two peers and authenticates the peers.		Switch to switch
Dynamic CAK MSK distribution via RADIUS and EAP-TLS	Stores the MSKs in the RADIUS server and distributes to the hosts via EAP-TLS. This is typically used in access networks where a large number of hosts use MACsec and connect to an access switch. MKA uses MSK to drive the CAK. The CAK encrypts the SAK between two peers and authenticates the peers.		Host to switch

October 30, 2024