11-11-2024 11:34 PM
Hello
I want to ask if 6509 E switch support GETVPN because I didn't find GDOI under crypto.
Actually I need to encrypt MPLS links between ASR 9010 P router and 6500 PE until I get replacement of these devices. and if it not support what is the best option to encrypt the MPLS traffic and not impact real time packets like voice/video traffic.
Thank you
11-11-2024 11:44 PM
if GDOI is not found then you can not use GETVPN |
you can apply IPSec since it only P2P
MHM
01-07-2025 12:29 AM
Hello @w-abulhamid
The Cisco Catalyst 6500 series switches, including the 6509-E, do not natively support GETVPN (Group Encrypted Transport VPN) because they lack support for the GDOI (Group Domain of Interpretation) protocol, which is a key component of GETVPN. GETVPN is typically supported on Cisco routers and some high-end platforms like the ASR series, but not on the Catalyst 6500 series.
Since the Catalyst 6500 does not support GETVPN, you will need to consider alternative encryption methods that can work with your existing hardware and minimize the impact on real-time traffic like voice and video. Here are some options:
If encryption is critical and you need to minimize the impact on real-time traffic, the external encryption device option is likely the best choice. These devices are purpose-built for encryption and can handle high-throughput traffic with minimal latency, ensuring that voice and video traffic are not significantly impacted.
Additionally, regardless of the encryption method you choose, ensure that QoS is properly configured to prioritize real-time traffic (e.g., using DSCP markings for voice and video) to mitigate the impact of encryption on latency-sensitive applications.
Hope This Helps!!!
AshSe
Forum Tips:
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide