Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
738
Views
0
Helpful
4
Replies

Cisco ASR-1001HX and MACsec support on port-channel

Go to solution
Netgizmo86
Level 1
Level 1

‎04-21-2022 02:03 PM

Hi ,

  Is MACsec encryption supported either on port-channel or on member 10Gbps ports in a port-channel on a Cisco ASR1001-HX ?

I am slightly confused looking at the documentation

 

MACsec and MKA Configuration Guide - WAN MACSEC and MKA Support Enhancements [Cisco ASR 1000 Series Aggregation Services Routers] - Cisco

 

Thank you

Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Flavio Miranda
VIP
VIP

‎04-21-2022 02:53 PM

It is not supported on channel and not in interface part of the channel:

 

MACsec configuration on Ether Channel (Link bundling) is not supported.

Any interface configured with MACsec cannot be part of Ether Channel.

View solution in original post

0 Helpful

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame
In response to Netgizmo86

‎04-22-2022 01:40 AM

Looks like Router works in different way i guess here : i rad the document again for ASR

 

looks like the Limitations :

 

 

  • MACsec configuration on Ether Channel (Link bundling) is not supported.

  • Any interface configured with MACsec cannot be part of Ether Channel.

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

View solution in original post

0 Helpful
4 Replies 4

Go to solution
Flavio Miranda
VIP
VIP

‎04-21-2022 02:53 PM

It is not supported on channel and not in interface part of the channel:

 

MACsec configuration on Ether Channel (Link bundling) is not supported.

Any interface configured with MACsec cannot be part of Ether Channel.

0 Helpful

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame

‎04-22-2022 12:30 AM

As per i know when we tested using Cat 9500 below was achieved. :

 

MACsec configuration is not supported on EtherChannel ports. Instead, MACsec configuration can be applied on the individual member ports of an EtherChannel. To remove MACsec configuration, you must first unbundle the member ports from the EtherChannel, and then remove it from the individual member ports.

 

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Go to solution
Netgizmo86
Level 1
Level 1
In response to balaji.bandi

‎04-22-2022 12:40 AM

Thanks Balaji , agreed for 9000. However my question specific to ASR1001 as  I think that is the limitation we have on ASR1000 platform. 

0 Helpful

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame
In response to Netgizmo86

‎04-22-2022 01:40 AM

Looks like Router works in different way i guess here : i rad the document again for ASR

 

looks like the Limitations :

 

 

  • MACsec configuration on Ether Channel (Link bundling) is not supported.

  • Any interface configured with MACsec cannot be part of Ether Channel.

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card