12-07-2018 06:07 PM - edited 03-01-2019 05:43 AM
Hello,
We are looking to connect a pair of remote leaf switches to our ACI fabric, however we want to make sure that all traffic between this pair of remote leaf switches and the ACI fabric (spines) is encrypted. Based on some reading, it looks like this is achieved through the use of encrypted CloudSec tunnels established between the spine switches and the remote leaf switches. Can you confirm this first point?
Do you know which hardware support Cloudsec encryption? Our ACI fabric uses 9364C as Spine switches and looks like the last 16 ports do support Cloudsec. However I am not clear about which remote leaf switches support Cloudsec encryption? FX switches only? All the switches in the FX family or just the FX2?
Thanks,
Solved! Go to Solution.
12-08-2018 09:04 AM
IEEE 802.1ae MAC Security (MACsec) support on all ports of 9300-FX models with speed greater than or equal to 10-Gbps, allows traffic encryption at the physical layer and provides secure server, border leaf, and leaf-to-spine connectivity.
Look reference document :
12-08-2018 09:04 AM
IEEE 802.1ae MAC Security (MACsec) support on all ports of 9300-FX models with speed greater than or equal to 10-Gbps, allows traffic encryption at the physical layer and provides secure server, border leaf, and leaf-to-spine connectivity.
Look reference document :
12-11-2018 06:36 PM
Thanks Balaji. You are right, Remote leaf to Spine encryption is provided by MacSec, not CloudSec (Sorry for the confusion). CloudSec is for Mutli-site. All the FX switches do support MacSec on all ports, however ACI 4.0(x) is required.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide