Catalyst 8200L Router MACSec Support - clarification needed

Hello everyone,

We are looking to refresh a smaller air-gapped routed network with the new Cisco Catalyst 8200L routing platform. This network will just use standard routing protocols without SD-WAN or similar technology, and will not traverse any actual WAN. All routing routers are connected directly to each other via fiber links.

I have been looking into the ordering guide for these routers and it seems to be a bit unclear what kind of support for MACSec these routers have.

From my understanding, the Catalyst 8200L routers have 4 on-board Ethernet ports (2 x RJ45 and 2 x SFP) and can be expanded with more ports using the C-NIM-2T module, which provides another set of (combo) ports where you can use either RJ45 or an SFP.

Now, according to the Catalyst 8200 FAQ, the onboard Ethernet ports do not support (WAN) MACSec.

Catalyst 8200L FAQ Link: Cisco Catalyst 8200 Series Edge Platforms FAQ - Cisco

Q.  Is WAN MACsec supported in the Catalyst 8200 Series Edge Platforms’ onboard Ethernet ports?
A.  No. MACsec is not supported on the onboard Ethernet ports.

There seems to be a distinction between LAN MACSec and WAN MACSec that is made unclear, since the question above asks about WAN MACsec but the answer just includes "MACSec", without WAN/LAN before it.

However, it seems that the ports that are available via the network modules DO support WAN MACSec, as per this documentation covering the different network modules:

https://www.cisco.com/c/en/us/products/collateral/routers/catalyst-8300-series-edge-platforms/catalyst-8000-gigabit-ethernet-wan-modules-ds.html#Productoverview

When looking at the Licensing guide for Catalyst 8200L router, it is stated that the DNA Essentials License should grant access to both the LAN MACSec (128-bit) and WAN MACSec (128-/256-bit) features.

C95-742999-12_Cisco_DNA_Software_SD-WAN_and_Routing_Matrices_v2a

Has anyone had their hands on one of these routers? Are you able to run "regular" (which I guess means LAN?) MACSec on all the built-in ports, and possibly on all the Network Modules ports as well? We really want to have MACSec on all interfaces, not just on those facing the "WAN", which are uplinks within the LAN in our case.

Our goal is to have MACSec enabled on every interconnecting link in this air-gapped network, but we are unsure if Catalyst 8200L is the right way to go for this.

 