MACSec questions

wkunice
Level 1

We have two 3850 switches.  We need to run MACsec between the switches but connect the switches with a wireless point-to-point link.   I have questions about this:

1. Is the PtP link required to understand MACsec, support the Ethernet type, multicast destination MAC, etc.?

2. Should STP be enabled on both the PtP link switches to get MACsec to work?

3. We have a 5-port NetGear Hub and a 5-port NetGear Switch.  MACsec doesn't work when we connect the switches through the hub, but it does work when we connect them through the switch.  I am curious as to how the Cisco figures out when it is attached to the hub...

Thanks,

K-

1 Reply

keanej
Level 3

I'd imagine the devices between the MACSEC Switches are going to struggle to correctly pass on the traffic.

As far as I know the entire frame payload is encrypted; this payload will make no sense to an upstream device not running MACSEC.

The easiest solution, if I were you, would be...

Get the two MacSec Switches working in the lab, back to back with a fibre or ethernet connection, so you can fully confirm your configuration is correct.

Make sure you are happy they are communicating freely.

Then place your devices, hubs etc between and see if things break.

The fact that the netgear switch works at all is surprising.

I don't see how you are going to get this working across a wireless link, though!!

Regarding your second question - yes, spanning tree, CDP and VTP are all supported - once the switches are directly connected.
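
Added example, not part of either post above: a small Python classifier for frames captured on either side of the intermediate link, showing what a device in the path has to pass for MACsec to come up (EAPOL-MKA key agreement frames and 0x88E5 data frames) and how many bytes MACsec adds to each frame. It assumes MKA uses the default 802.1X PAE group destination address and a 16-byte ICV; the two sample frames are constructed, not captured from a 3850.

```python
import struct

# Values from IEEE 802.1X / 802.1AE; the frames at the bottom are constructed samples.
PAE_GROUP = bytes.fromhex("0180c2000003")  # default destination of EAPOL-MKA frames
ETH_EAPOL, ETH_MACSEC = 0x888E, 0x88E5
ICV_LEN = 16                               # integrity check value appended to each frame

def is_bridge_filtered(dst: bytes) -> bool:
    """01-80-C2-00-00-00..0F is reserved: an 802.1D-compliant bridge does not forward it."""
    return dst[:5] == bytes.fromhex("0180c20000") and dst[5] <= 0x0F

def classify(frame: bytes) -> dict:
    """Describe one Ethernet frame as seen on the link between the two MACsec peers."""
    if len(frame) < 16:
        raise ValueError("frame too short")
    dst, src = frame[:6], frame[6:12]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    info = {"dst": dst.hex(":"), "src": src.hex(":"), "kind": "other",
            "bridge_filtered": is_bridge_filtered(dst)}
    if ethertype == ETH_EAPOL:
        # EAPOL header: version, packet type, length. Packet type 5 is EAPOL-MKA.
        info["kind"] = "MKA" if frame[15] == 5 else "EAPOL"
    elif ethertype == ETH_MACSEC:
        if len(frame) < 20:
            raise ValueError("truncated SecTAG")
        tci_an = frame[14]                      # TCI flags (upper 6 bits) + AN (lower 2)
        sectag_len = 16 if tci_an & 0x20 else 8  # SC bit set: 8-byte SCI follows the PN
        info.update(kind="MACsec",
                    an=tci_an & 0x03,
                    encrypted=bool(tci_an & 0x08),  # E bit: user data is ciphertext
                    pn=struct.unpack("!I", frame[16:20])[0],
                    overhead=sectag_len + ICV_LEN)  # extra bytes the link must carry
    return info

# Constructed sample frames (locally administered MAC addresses, dummy payloads).
SRC = bytes.fromhex("020000000001")
DST = bytes.fromhex("020000000002")
SAMPLE_MKA = PAE_GROUP + SRC + struct.pack("!HBBH", ETH_EAPOL, 3, 5, 4) + b"\x00" * 4
SAMPLE_DATA = (DST + SRC + struct.pack("!HBBI", ETH_MACSEC, 0x2C, 0, 1)
               + SRC + b"\x00\x01" + b"\xaa" * 46 + b"\xbb" * ICV_LEN)

if __name__ == "__main__":
    for f in (SAMPLE_MKA, SAMPLE_DATA):
        print(classify(f))
```

Comparing the output for a capture taken on each side of the intermediate device shows whether the MKA frames are being dropped in transit and whether the larger MACsec frames fit the link's MTU.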
