04-21-2018 08:12 PM - edited 03-01-2019 01:43 PM
Hi all,
I am new to Nexus. I couldn't find any information about the encrypted ports (ports 33 - 40) as mentioned in the Nexus 5020 hardware installation guide. Hope to get help from the community.
I would like to know what the purpose of an encrypted port is and how it is different from a non-encrypted port.
I have a mixed environment as listed below. I need a recommendation on which ports of the N5k-C5020 are suitable for which type of switch and device.
For Top of rack access:
3 x FEX
2 x N3k-3048TP
2 x WS-4948-10G
2 x WS-C4948
For router uplink:
2 x server running vyos.
Thank you for your help in advance.
04-22-2018 05:50 AM - edited 04-22-2018 06:00 AM
Greetings.
I would hope this is not going into a production environment, as the 5010/5020 are no longer supported as of Nov of 2017, which means you cannot open a TAC case or re-add them to a support contract.
5000 series limits: https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus5000/sw/configuration_limits/limits_521/nexus_5000_config_limits_521.html#52991
Config guide, fex section: https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus5000/sw/layer2/521_n1_3/b_5k_Layer2_Config_521N13/b_5k_Layer2_Config_521N13_chapter_010000.html
Overall 5000 Models and features: https://www.cisco.com/c/en/us/products/collateral/switches/nexus-5020-switch/product_bulletin_c25-462134.html
As far as I know, TrustSec and MACsec are only supported on N5500, and not 5010/5020 models. I'm not sure the designated port encryption was functional on the 5010/5020 models. You should be able to use those ports for regular Ethernet traffic.
All the 5010/5020 ports can run at 10Gb with the appropriate SFP, and depending on the expansion modules you have present, you can have FCoE or native FC ports.
Thanks,
Kirk...
04-23-2018 09:16 PM
Hi, thank you for your reply.
If you refer to the link below, it states that the 8 ports are encrypted ports. I would like to know how they differ from the other ports.
04-24-2018 07:23 PM
Regarding the text in the document you referred to, what was meant is that those ports marked as "encrypted ports" (17-20) would support encryption in hardware, so they would have electronics associated to help with the encrypting function.
It seems that the referred feature did not go beyond that, i.e., an intended feature.
* CTS, or Cisco TrustSec, is a security framework that is comprised of several components and presents several features, one of which is the hop-by-hop, hardware-supported encryption, also known as MACsec, or LinkSec encryption, or 802.1ae.
Now, Nexus 5000 Series Switches do NOT support CTS, while the Nexus 5500 family does (even though it does NOT support MACsec!).
See, for instance, "Guidelines and Limitations for Cisco TrustSec", in "Cisco Trustsec" section here: http://www.cisco.com/en/US/docs/switches/datacenter/nexus5000/sw/security/521_n1_1/b_5k_Security_Config_521N11_chapter_0111.html#con_1188939
* The following table summarizes the features supported by TrustSec by Platform. There you can see that MACsec is NOT supported by N5K: http://www.cisco.com/en/US/solutions/ns170/ns896/ns1051/trustsec_matrix.html
Another related document, which also explains what Cisco TrustSec is At-A-Glance, you can find here:
http://www.cisco.com/en/US/solutions/collateral/ns170/ns896/ns1051/at_a_glance_c45-653057.pdf
* Finally, just in case, Nexus 5010 and 5020 have End-of-Sale dated November 27, 2012. You can see the announcement here: http://www.cisco.com/en/US/prod/collateral/switches/ps9441/ps9670/eol_c51-709037.html
04-26-2018 02:28 AM
Thank you for your reply.