Macsec on mirror port

LionKin1984 · ‎03-03-2021

hello

Can macsec be applied to span/mirror port on the switches?

Thanks

Sheraz.Salim · ‎03-03-2021

You can use a netflow to see the traffic for macsec tags.

if you use a span/mirror to capture the packet but if the lin is encrypted (if you configured the encryption). you wont be ableto see it as they are encrypted. just like IPsec.

you question is specific Can macsec be applied to span/mirror port on the switches,

I am not sure to this one let see what others have to say on this.

please do not forget to rate.

balaji.bandi · ‎03-03-2021

Can macsec be applied to span/mirror port on the switches?

Cisco TrustSec and Cisco SAP are meant only for switch-to-switch links and are not supported on switch ports connected to end hosts, such as PCs or IP phones.

Between MACsec-capable devices, packets are encrypted on egress from the sending device, decrypted on ingress to the receiving device, and in the clear within the devices.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

LionKin1984 · ‎03-04-2021

hello, thanks for your replies, there is a typo in my original question, the question should be:

is it possible to apply macsec to RSPAN ports on the cisco switches?

the topology is:

there are two switches, SW1 and SW2, the traffic on SW1 needs to be forwarded to the wireshark device that is connected to SW2, i have configured the RSPAN on both switches and i can now see the traffic on the wireshark, so my question now is can the mirrored traffic between SW1 and SW2 be encrypted with macsec?

thanks