cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
545
Views
0
Helpful
1
Replies

Nexus 5010 Fixed Port - Group C (17-20) Encrypted Ethernet Port

fb_webuser
Frequent Contributor
Frequent Contributor

Can anybody, tell me if I can use the encrypted port as unencrypted ethernet ports?

cisco doc:

http://www.cisco.com/en/US/docs/switches/datacenter/nexus5000/hw/installation/guide/overview.html

Ports

Each individual port on the Cisco Nexus 5010 switch is numbered, and groups of ports are numbered based on their function. The ports are numbered top to bottom and left to right.

There are 20 to 28 ports on the Cisco Nexus 5010 switch, depending on which GEM is installed.

The 20 fixed ports form group 1 and are named 1/port_number. Ports 1 through 16 are unencrypted Ethernet ports. Of these, ports 1 through 8 are 10-Gigabit Ethernet and 1-Gigabit Ethernet-capable ports. Ports 17 through 20 are encryption-capable Ethernet ports.

---

Posted by WebUser David Alejandro Salazar Avila from Cisco Support Community App

1 Reply 1

leopastor
Beginner
Beginner

David, in order to use ports to encrypt they should be configured for that end, so in the "worst case" any port would be working fine as a "simple ethernet" port (provided that you do not configure it to do otherwise, in case it is capable, as usually is the case by default).

Anyway, there are more aspects to have in account here.

* Regarding the text in the document you referred to, what was meant is that those ports marked as "encrypted ports" (17-20) would support encryption on hardware, so they would have electronics associated to help with the encrypting function.

It seems that the referred feature did not go beyond that, ie, an intended feature.

* CTS, or Cisco Trustsec, is a security framework that is comprised of several components and present several features, one of which is the hop-by-hop, hardware supported encryption, also know as MACsec, or LinkSec encryption, or 802.1ae.

Now, Nexus 5000 Series Switches do NOT support CTS, while Nexus 5500 family does (even though it does NOT support MACsec!)

See, for instance, "Guidelines and Limitations for Cisco TrustSec", in "Cisco Trustsec" section here: http://www.cisco.com/en/US/docs/switches/datacenter/nexus5000/sw/security/521_n1_1/b_5k_Security_Config_521N11_chapter_0111.html#con_1188939

* The following table summarizes the features supported by TrustSec by Platform. There you can see that MACsec is NOT supported by N5K: http://www.cisco.com/en/US/solutions/ns170/ns896/ns1051/trustsec_matrix.html

Another related document, which also explains what Cisco TrustSec is At-A-Glance, you can find here:

http://www.cisco.com/en/US/solutions/collateral/ns170/ns896/ns1051/at_a_glance_c45-653057.pdf

* Finally, just in case, Nexus 5010 and 5020 have End-of-Sale dated November 27, 2012. You can see the announcement here:  http://www.cisco.com/en/US/prod/collateral/switches/ps9441/ps9670/eol_c51-709037.html

HTH

Leo Pastor

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers