Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1669
Views
0
Helpful
2
Replies

Nexus 93180YC-FX supports Cisco TrustSec (CTS)?

Go to solution
boykokostadinov88
Level 1
Level 1

‎02-07-2020 03:45 AM

Hello guys,

 

Yesterday I tried to configure CTS between two pairs of N9K 93180YC-FX with SEC-Licenses, but there is no that kind of feature at all. So my question is, what am I supposed to configure as encryption mechanism between pairs of switches in different geographical regions? MACsec should be the protocol between switch and endpoint, TrustSec is the one between switches. I've done it many times using TrustSec on Catalyst devices, but right now I'm a little confused what to do.

 

Please share with me some configuration guide, regarding how to encrypt traffic between 2 switches :)

 

Thanks in advance,

 

Boyko Kostadinov

1 person had this problem
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Francesco Molino
VIP Alumni
VIP Alumni

‎02-07-2020 09:02 PM

Hi

Never done on this specific models.
Based on the doc, macsec is supported on this specific model:
https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus9000/sw/92x/security/configuration/guide/b-cisco-nexus-9000-nx-os-security-configuration-guide-92x/b-cisco-nexus-9000-nx-os-security-configuration-guide-92x_chapter_011001.html

It says:
MACsec is supported on Cisco Nexus N9K-C93240YC-FX2, N9K-C9336C-FX2, N9K-C93108TC-FX, N9K-C93180YC-FX platform switches and the N9K-X9736C-FX and N9K-X9732C-EXM line cards

This means, if you have the security license and enable the feature using the command: feature macsec, you should be and to configure it.

If I recall on version 7, it wasn't supported. Are you running the 9.2 version?

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Francesco Molino
VIP Alumni
VIP Alumni

‎02-07-2020 09:02 PM

Hi

Never done on this specific models.
Based on the doc, macsec is supported on this specific model:
https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus9000/sw/92x/security/configuration/guide/b-cisco-nexus-9000-nx-os-security-configuration-guide-92x/b-cisco-nexus-9000-nx-os-security-configuration-guide-92x_chapter_011001.html

It says:
MACsec is supported on Cisco Nexus N9K-C93240YC-FX2, N9K-C9336C-FX2, N9K-C93108TC-FX, N9K-C93180YC-FX platform switches and the N9K-X9736C-FX and N9K-X9732C-EXM line cards

This means, if you have the security license and enable the feature using the command: feature macsec, you should be and to configure it.

If I recall on version 7, it wasn't supported. Are you running the 9.2 version?

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
0 Helpful

Go to solution
boykokostadinov88
Level 1
Level 1
In response to Francesco Molino

‎02-10-2020 12:05 AM

Hello Francesco,

 

Yeah, based on this exact same document and this particular line:

 

"Beginning with Cisco Nexus Release 9.2(1), MACsec is supported on Cisco Nexus 93180YC-FX" 

 

I upgraded the NX-OS to the most recent version- 9.3.3, but still the only option regarding Layer 2 encryption is MACsec.

 

I've contacted our local Cisco representatives and they confirmed that I should configure "MKA policy" and hope everything will will work smoothly. 

 

Thanks for your kind answer and wish you a successful week.

 

Boyko Kostadinov

0 Helpful
Customers Also Viewed These Support Documents