cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
171
Views
0
Helpful
2
Replies

Nexus 93180YC-FX supports Cisco TrustSec (CTS)?

Hello guys,

 

Yesterday I tried to configure CTS between two pairs of N9K 93180YC-FX with SEC-Licenses, but there is no that kind of feature at all. So my question is, what am I supposed to configure as encryption mechanism between pairs of switches in different geographical regions? MACsec should be the protocol between switch and endpoint, TrustSec is the one between switches. I've done it many times using TrustSec on Catalyst devices, but right now I'm a little confused what to do.

 

Please share with me some configuration guide, regarding how to encrypt traffic between 2 switches :)

 

Thanks in advance,

 

Boyko Kostadinov

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
VIP Advisor

Re: Nexus 93180YC-FX supports Cisco TrustSec (CTS)?

Hi

Never done on this specific models.
Based on the doc, macsec is supported on this specific model:
https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus9000/sw/92x/security/configuration/guide/b-cisco-nexus-9000-nx-os-security-configuration-guide-92x/b-cisco-nexus-9000-nx-os-security-configuration-guide-92x_chapter_011001.html

It says:
MACsec is supported on Cisco Nexus N9K-C93240YC-FX2, N9K-C9336C-FX2, N9K-C93108TC-FX, N9K-C93180YC-FX platform switches and the N9K-X9736C-FX and N9K-X9732C-EXM line cards

This means, if you have the security license and enable the feature using the command: feature macsec, you should be and to configure it.

If I recall on version 7, it wasn't supported. Are you running the 9.2 version?

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

View solution in original post

2 REPLIES 2
Highlighted
VIP Advisor

Re: Nexus 93180YC-FX supports Cisco TrustSec (CTS)?

Hi

Never done on this specific models.
Based on the doc, macsec is supported on this specific model:
https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus9000/sw/92x/security/configuration/guide/b-cisco-nexus-9000-nx-os-security-configuration-guide-92x/b-cisco-nexus-9000-nx-os-security-configuration-guide-92x_chapter_011001.html

It says:
MACsec is supported on Cisco Nexus N9K-C93240YC-FX2, N9K-C9336C-FX2, N9K-C93108TC-FX, N9K-C93180YC-FX platform switches and the N9K-X9736C-FX and N9K-X9732C-EXM line cards

This means, if you have the security license and enable the feature using the command: feature macsec, you should be and to configure it.

If I recall on version 7, it wasn't supported. Are you running the 9.2 version?

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

View solution in original post

Highlighted

Re: Nexus 93180YC-FX supports Cisco TrustSec (CTS)?

Hello Francesco,

 

Yeah, based on this exact same document and this particular line:

 

"Beginning with Cisco Nexus Release 9.2(1), MACsec is supported on Cisco Nexus 93180YC-FX" 

 

I upgraded the NX-OS to the most recent version- 9.3.3, but still the only option regarding Layer 2 encryption is MACsec.

 

I've contacted our local Cisco representatives and they confirmed that I should configure "MKA policy" and hope everything will will work smoothly. 

 

Thanks for your kind answer and wish you a successful week.

 

Boyko Kostadinov