07-01-2016 08:06 AM - edited 03-05-2019 04:20 AM
Hello,
I want to use TrustSec switch-to-switch link security in manual mode between a 3560CX and an IE5000.
Datasheet of IE5000: MACsec is supported.
Configuration between two 3560CX is simple, only cts and key within the interface, and it works.
But the IE5000: I find in any notes only samples with Cisco TrustSec SXP L3.
Has someone configured a link encryption on IE5000?
Any samples and ideas will be great.
Thanks
02-13-2017 05:43 AM
Hi Swelsch,
I want to use 3560CX switches for switch-to-switch encryption. May I use SFP uplink ports for that? What IOS did you use for 3560CX?
Thanks
04-25-2017 01:20 AM
Hi Mario,
Sorry about the late response.
I use the latest IOS version, but it also works with any other version on the 3560CX; only the IE5000 needs min. 15-2.5.
You can use whatever ports you want, it works.
05-08-2017 05:54 AM
Hi Swelsch,
Thanks for the answer. Did you use uplink ports for TrustSec/MACsec?
In the Cisco document (http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst2960cx_3650cx/software/release/15-2_4_e/configurationguide/b_1524e_consolidated_3560cx_2960cx_cg/b_1524e_consolidated_3560cx_2960cx_cg_chapter_01010011.html), downlink ports support TrustSec ("All downlink ports on the switch can run Cisco TrustSec MACsec link layer switch-to-switch security."), but for me it is normal that uplink ports support TrustSec/MACsec.
Thanks
05-09-2017 12:31 AM
Hi Mario,
Within the 3560CX-8TC-S I use the uplinks (SFP or T) for MACsec, G0/9-12.
The only case where it does not work for now is connecting the uplink ports of an IE-5000-16S12P via MACsec to a 3560CX-8TC-S.
I have opened a case, because it works on all downlink ports of the IE5000, but not on the uplink ports.
07-12-2017 12:11 AM
Hi,
As of now, it is not fixed.
But I heard from an expert that the IE5000 uses a different method for key exchange in MACsec on uplink ports than on downlink ports, even if it's manual.
So manual MACsec between two IE5000 on uplink should work, but not between IE5000 and any other Catalyst; that works only between IE5000 downlink ports and any other Catalyst.