Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1693
Views
0
Helpful
1
Replies

How to get MACsec on Cisco routers

andreas.jorgensen
Level 1
Level 1

‎08-25-2015 11:10 PM - edited ‎02-20-2020 09:43 PM

Hi all!

I have a question here regarding MACsec on routers which I cant find out. Ill be very concise and short here to present the situation easily, but if something is missing in the question, please let me know.

My background: I have not worked too much with Cisco, but I do have a CCNP after intense studying, so you can be some sort of advanced in your answers :)

Scenario: I have a core network with different Cisco routers (1712, 1812, 3745, 3925 etc...) and the business wants to implement MACsec on every link between these routers, and my job is to find a cost estimate for this. As I have understood (hopefully correctly), you can not purely implement that, you need some sort of physical device/module before you can start doing this?

In this PDF: https://clnv.s3.amazonaws.com/2015/usa/pdf/BRKRST-2309.pdf they refer to these routers as "MACsec Capable Routers" when they illustrate the consepts of MACsec, and the only extra thing I can extract from the PDF is that there is a link requirement which is:
"Requires dedicated MetroE
EVC circuits for L2 connectivity between sites"

  
Anyways, I have a problem getting further here in my task. Does anyone know what I am talking about?
Thanks a lot!
Labels:
0 Helpful
1 Reply 1

Peter Koltl
Level 7
Level 7

‎09-06-2015 12:24 PM

These routers are not capable of 802.1AE (MACsec) except ISR G2 2900/3900 with a MACsec-capable EtherSwitch Service Module.

 

Cisco SM-X Layer 2/3 EtherSwitch Service Module

0 Helpful
Customers Also Viewed These Support Documents