Solved: Re: Network Link Encryption

simoesmarco8626982 · ‎10-13-2021

Hi all,

hope to find everyone well in this times

I had a request from a costumer where he said that I need to have all the network links encrypted but I have no clue how to implement this.

Basically the core of the network is comprised by Cisco 9300L in a ring disposition where all the packets are being routed from switch to switch by EIGRP. I know I won't be able to apply encryption in simple L2 managed switches but is it possible to encrypt all the data passing trough to the core of the network?

Also in the opinion of all, what's the best way to encrypt like the costumer requested, all the links of the network?

Thank you for the help

balaji.bandi · ‎10-13-2021

On Layer 2 you can do MACSEC on Cat 9300

https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst9300/software/release/16-6/configuration_guide/sec/b_166_sec_9300_cg/macsec_encryption.html

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

View solution in original post

Rob Ingram · ‎10-13-2021

Hi @simoesmarco8626982

You can implement MACSec on a hop-by-hop basis, between switch from the access layer to distribution to core.

https://community.cisco.com/t5/networking-documents/configuring-macsec-switch-to-switch-with-pre-shared-key/ta-p/4436093

https://community.cisco.com/t5/networking-documents/macsec-history-amp-terminology/ta-p/4436094

If you wish to encrypt from the user's computer to the access layer switch, you'd need AnyConnect.

https://www.cisco.com/c/en/us/support/docs/lan-switching/8021x/117277-config-anyconnect-00.html