Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1068
Views
10
Helpful
5
Replies

IE5000 and macsec/trustsec

swelsch
Level 1
Level 1

‎07-01-2016 08:06 AM - edited ‎03-05-2019 04:20 AM

Hello,

i want to use trustsec switch-to-switch link security in manual mode between a 3560CX and an IE5000

datasheet of IE5000: macsec is supported

configuration between two 3560cx is simple, only cts and key within the interface, and it works.

but the ie5000 : i find in any notes only samples with Cisco TrustSec SXP L3.

has someone configured a link encryption on ie5000 ?

any samples and ideas will be great

thanks

Labels:
0 Helpful
5 Replies 5

Mario Erceg
Level 1
Level 1

‎02-13-2017 05:43 AM

Hi Swelsch,

I want to use 3560CX swithes for switch-to-switch encription. May I use sfp uplink ports for that? What IOS you used for 3560CX?

Thanks

0 Helpful

swelsch
Level 1
Level 1
In response to Mario Erceg

‎04-25-2017 01:20 AM

Hi Mario,

sorry about the late response, 

i use the lateste IOS version, but it works also with any other version on the 3560CX, only the IE5000 needs min. 15-2.5

you can use ports whatever you want, it works

Mario Erceg
Level 1
Level 1
In response to swelsch

‎05-08-2017 05:54 AM

Hi Swelsch,

Thanks for answer. Did you used uplink ports for trustsec/macsec?

In Cisco document (http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst2960cx_3650cx/software/release/15-2_4_e/configurationguide/b_1524e_consolidated_3560cx_2960cx_cg/b_1524e_consolidated_3560cx_2960cx_cg_chapter_01010011.html) downlink ports support trustsec ("All downlink ports on the switch can run Cisco TrustSec MACsec link layer switch-to-switch security.") but for me it is normal that uplink ports support trustsec/macsec.

Thanks

0 Helpful

swelsch
Level 1
Level 1
In response to Mario Erceg

‎05-09-2017 12:31 AM

Hi Mario, 

within the 3560CX-8TC-S i use the uplinks ( SFP or T ) for macsec, G0/9-12 

the only case it never works for now is to connect the uplink ports of a IE-5000-16S12P via macsec to a 3560CX-8TC-S

I have opened a case, because it works on all downlink ports of the IE5000, but not on the uplink ports

swelsch
Level 1
Level 1
In response to swelsch

‎07-12-2017 12:11 AM

Hi,

since now, it is not fixed

but i heard from an expert, that the IE5000 use a different method for key exchange in macsec on uplink ports than on downlink ports, even if it's manual.

so manual macsec between two IE5000 on uplink should work, but not between IE5000 and any other catalyst, that works only between IE5000 downlink ports and any other catalyst

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card