Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4679
Views
0
Helpful
3
Replies

MACSec possible with IEEE 802.1Q Tunneling ?

kerstin-534
Level 1
Level 1

‎04-17-2012 08:48 AM - edited ‎02-21-2020 02:48 AM

Use Case:

To use MACSec between 2 Catalyst 3560-X on both sides with a provider network between that is configured for

IEEE 802.1Q Tunneling ?

Since MACSec uses 0x88e5 Frames and the Cisco SAP protocol uses 802.1x for negotiation, can that be

working ?

(I haven't success)

As there anybody who can confirm it can work and it how is done, please tell me.

best regards,

Herbert

Labels:
0 Helpful
3 Replies 3

Eduardo Garcia
Level 1
Level 1

‎01-29-2013 09:29 AM

Yes, you need a device that can tunnel 802.1x via L2PT.

L2PT is not needed in EoMPLS as all control packets pass untouched, this is why EoMPLS works.

0 Helpful

tbleise
Level 1
Level 1
In response to Eduardo Garcia

‎07-29-2013 06:43 AM

Hello Eduardo,

reading the config guide of the Nexus 7k

http://www.cisco.com/en/US/docs/switches/datacenter/sw/5_x/nx-os/interfaces/configuration/guide/if_qinq_tunnel.html#wp1091505

this sounds like the Nexus 7k would tunnel the 802.1x frames as soon as I switch on

interface ethernet xxx

switchport mode dot1q-tunnel

l2protocol-tunnel

Is that true? Or does any other Cisco Device  tunnel 802.1x via L2PT? For example the metro switches?

Thank you!

   Thorsten

0 Helpful

Eduardo Garcia
Level 1
Level 1
In response to tbleise

‎07-29-2013 10:33 AM

That Nexus is only capable of tunneling CDS, STP and VTP.

EoMPLS tunnels all (e.g. 802.1x) without modification to the destination mac-address.

0 Helpful
Customers Also Viewed These Support Documents