
Remote leaf to Spine encryption

smutel
Level 1

Hello,

 

We are looking to connect a pair of remote leaf switches to our ACI fabric, however we want to make sure that all traffic between this pair of remote leaf switches and the ACI fabric (spines) is encrypted. Based on some reading, it looks like this is achieved through the use of encrypted CloudSec tunnels established between the spine switches and the remote leaf switches. Can you confirm this first point?

 

Do you know which hardware supports CloudSec encryption? Our ACI fabric uses 9364C as Spine switches, and it looks like the last 16 ports do support CloudSec. However, I am not clear about which remote leaf switches support CloudSec encryption. FX switches only? All the switches in the FX family or just the FX2?

 

Thanks,

Accepted Solutions

balaji.bandi
Hall of Fame

IEEE 802.1ae MAC Security (MACsec) support on all ports of 9300-FX models with speed greater than or equal to 10-Gbps allows traffic encryption at the physical layer and provides secure server, border leaf, and leaf-to-spine connectivity.

 

Look at the reference document:

 

https://www.cisco.com/c/en/us/products/collateral/switches/nexus-9000-series-switches/datasheet-c78-736651.html

 

BB

***** Rate All Helpful Responses *****


2 Replies

Thanks Balaji. You are right, Remote leaf to Spine encryption is provided by MACsec, not CloudSec (sorry for the confusion). CloudSec is for Multi-site. All the FX switches do support MACsec on all ports; however, ACI 4.0(x) is required.
