removed

rgaudrault · ‎01-31-2011

removed

paolo bevilacqua · ‎01-31-2011

Can you rephrase that and maybe attach a digram ?

rgaudrault · ‎01-31-2011

I have update, thanks for any help you can provide.

hobbe · ‎01-31-2011

Hi

I do not think that you can do that with an etherchannel.

shure you can do load balancing and so on but i do not think the etherchannel will like an encryption engine in one link of the the etherchannel and one in another.

To be honest this looks like recipe for disaster.

If i were you and I needed an encrypted link I would look into 802.1ae and the new breed of switches that is coming up.

good luck

rgaudrault · ‎02-01-2011

MACSec is not end to end encryption, and that is what the customer requires. This is an Ethernet encryptor that leaves the MAC header clear and encrypts layer 3 and above. They are only using EtherChannel to allow quick recovery of a failed condition, not for the added bandwidth. We may have to redesign to allow this network to function.

hobbe · ‎02-01-2011

Ok fair enough.

You are absolutely right it is not end to end encryption.

Can you paste the make and model of your encryption devices ?

it might make things easier to find information on how they handle things.

Good luck

HTH

rgaudrault · ‎02-01-2011

removed

hobbe · ‎02-01-2011

Hi

You say that you want to use it for "failover purposes"

Maybe you can use link state tracking ?

I can not find how they are working or how they are configured and you mentioned that you needed a link for some information like key exchange and stuff.

If nothing else I am shure you will be able to do some things with TCL to make it work.

HTH