Re: WAN layer 2 encryption, possible?

avanzaadmin · ‎01-25-2011

Hi folk

I got a quick case here where an operator want's a layer 2, ethernet, trunk link between two sites to be encrypted. The endpoints are Cat 6513 running SXF5. Is there some way to encrypt using IOS, a Catalys application module or do I have to look for an appliance?

Regards

Fredrik

goncalo_gil · ‎01-26-2011

HI Fredik,

You have a few options.

L2TP has been around for a while.

You also have newer solution like Cisco TrustSec (MACsec) Layer which is based on the 802.1AE standard.

MACsec uses 128-bit AES encryption.

http://www.cisco.com/en/US/docs/switches/lan/trustsec/configuration/guide/config.pdf

I hope it helps.

Regards

Gonçalo

cmanzo · ‎03-24-2011

Hi guys!

Looking for a L2 wan point to point encryption solution, I did some basic research about MACSEC/TRUSTSEC, and I want to confirm with you what I have observed:

-TrustSec is the Cisco implementation for MSCSEC (IEEE 802.1AE).

-TurstSec has been created for a whole solution of encryption, integrity, authentication, where the whole the network is speaking TrustSec. Additionaly, TrustSec works together other sec devices and protocols (NAC, 802.1X, ACS).

-TrustSec could authenticate/authorizate a user or device taging his frame L2.

-Here a brief Solution Overview:

http://www.cisco.com/en/US/solutions/collateral/ns170/ns896/ns1051/solution_overview_c22-591771.html

-->Can someone confirm my perception that TrustSec is a whole solution for L2 encryption, authentication and integrity?

-->Do someone knows a solution (device or protocol) to encrypt a L2 wan point to point (a inter-site L2 trunk for example)??

Best regards,

Carlos Manzo