cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1020
Views
0
Helpful
4
Replies

Cisco ASR-1001HX and MACsec support on port-channel

Netgizmo86
Level 1
Level 1

Hi ,

  Is MACsec encryption supported either on port-channel or on member 10Gbps ports in a port-channel on a Cisco ASR1001-HX ?

I am slightly confused looking at the documentation

 

MACsec and MKA Configuration Guide - WAN MACSEC and MKA Support Enhancements [Cisco ASR 1000 Series Aggregation Services Routers] - Cisco

 

Thank you

2 Accepted Solutions

Accepted Solutions

It is not supported on channel and not in interface part of the channel:

 

MACsec configuration on Ether Channel (Link bundling) is not supported.

Any interface configured with MACsec cannot be part of Ether Channel.

View solution in original post

Looks like Router works in different way i guess here : i rad the document again for ASR

 

looks like the Limitations :

 

 

  • MACsec configuration on Ether Channel (Link bundling) is not supported.

  • Any interface configured with MACsec cannot be part of Ether Channel.

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

View solution in original post

4 Replies 4

It is not supported on channel and not in interface part of the channel:

 

MACsec configuration on Ether Channel (Link bundling) is not supported.

Any interface configured with MACsec cannot be part of Ether Channel.

balaji.bandi
Hall of Fame
Hall of Fame

As per i know when we tested using Cat 9500 below was achieved. :

 

MACsec configuration is not supported on EtherChannel ports. Instead, MACsec configuration can be applied on the individual member ports of an EtherChannel. To remove MACsec configuration, you must first unbundle the member ports from the EtherChannel, and then remove it from the individual member ports.

 

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Thanks Balaji , agreed for 9000. However my question specific to ASR1001 as  I think that is the limitation we have on ASR1000 platform. 

Looks like Router works in different way i guess here : i rad the document again for ASR

 

looks like the Limitations :

 

 

  • MACsec configuration on Ether Channel (Link bundling) is not supported.

  • Any interface configured with MACsec cannot be part of Ether Channel.

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Review Cisco Networking for a $25 gift card