10-15-2012 02:19 PM - edited 03-04-2019 05:51 PM
Can anybody, tell me if I can use the encrypted port as unencrypted ethernet ports?
cisco doc:
http://www.cisco.com/en/US/docs/switches/datacenter/nexus5000/hw/installation/guide/overview.html
Ports
Each individual port on the Cisco Nexus 5010 switch is numbered, and groups of ports are numbered based on their function. The ports are numbered top to bottom and left to right.
There are 20 to 28 ports on the Cisco Nexus 5010 switch, depending on which GEM is installed.
The 20 fixed ports form group 1 and are named 1/port_number. Ports 1 through 16 are unencrypted Ethernet ports. Of these, ports 1 through 8 are 10-Gigabit Ethernet and 1-Gigabit Ethernet-capable ports. Ports 17 through 20 are encryption-capable Ethernet ports.
---
Posted by WebUser David Alejandro Salazar Avila from Cisco Support Community App
10-16-2012 07:35 PM
David, in order to use ports to encrypt they should be configured for that end, so in the "worst case" any port would be working fine as a "simple ethernet" port (provided that you do not configure it to do otherwise, in case it is capable, as usually is the case by default).
Anyway, there are more aspects to have in account here.
* Regarding the text in the document you referred to, what was meant is that those ports marked as "encrypted ports" (17-20) would support encryption on hardware, so they would have electronics associated to help with the encrypting function.
It seems that the referred feature did not go beyond that, ie, an intended feature.
* CTS, or Cisco Trustsec, is a security framework that is comprised of several components and present several features, one of which is the hop-by-hop, hardware supported encryption, also know as MACsec, or LinkSec encryption, or 802.1ae.
Now, Nexus 5000 Series Switches do NOT support CTS, while Nexus 5500 family does (even though it does NOT support MACsec!)
See, for instance, "Guidelines and Limitations for Cisco TrustSec", in "Cisco Trustsec" section here: http://www.cisco.com/en/US/docs/switches/datacenter/nexus5000/sw/security/521_n1_1/b_5k_Security_Config_521N11_chapter_0111.html#con_1188939
* The following table summarizes the features supported by TrustSec by Platform. There you can see that MACsec is NOT supported by N5K: http://www.cisco.com/en/US/solutions/ns170/ns896/ns1051/trustsec_matrix.html
Another related document, which also explains what Cisco TrustSec is At-A-Glance, you can find here:
http://www.cisco.com/en/US/solutions/collateral/ns170/ns896/ns1051/at_a_glance_c45-653057.pdf
* Finally, just in case, Nexus 5010 and 5020 have End-of-Sale dated November 27, 2012. You can see the announcement here: http://www.cisco.com/en/US/prod/collateral/switches/ps9441/ps9670/eol_c51-709037.html
HTH
Leo Pastor
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide