Solved: Re: Macsec frames being blocked - Bypass?

simoesmarco8626982 · ‎03-01-2022

Hi all,

hope to find everyone well

I'm currently having an issue where I have two switches Catalyst 9300 connected to each other via two radios (little image exemplifying the connection) but I'm having issues applying MACSec between both switches. I was told that this radios were totally transparent but that is not case...

I configure the CTS and applied the key on both switches, but the two radios that are transporting the data between switches don't seem to pass the frames 0x88e5 created by macsec. Due to this I can't find a way to put the switches to talk with each other.

Is there any way for me to be able to "bypass" this?

The supplier of the radios told me to look at Wan MacSec https://www.cisco.com/c/dam/en/us/td/docs/solutions/CVD/Aug2016/WP-WAN-MACsecDep-Aug2016.pdf , do the Catalysts support this? Is this a viable solution to tinker the macsec frames in order to make the frames able to pass trough the radios?

Hope you can help

Thank you

simoesmarco8626982 · ‎03-14-2022

Hi all,

discovered that there's no way of bypassing this according to Cisco but fortunately was able to "convince" the radio manufacturer to see if it can find a way to forward the packets as if it was a totally transparent tunnel. Hopefully they will and this will be able to work

Thank you

View solution in original post

simoesmarco8626982 · ‎03-14-2022

Hi all,

discovered that there's no way of bypassing this according to Cisco but fortunately was able to "convince" the radio manufacturer to see if it can find a way to forward the packets as if it was a totally transparent tunnel. Hopefully they will and this will be able to work

Thank you