Hope you’re doing well!
Just one small question – if MACsec support is on the roadmap for SD-Access? Or there are no plans to support it at all?
Any input would be very welcome
Update: In Cisco SD-Access 2.2.2.x there is some support for MACsec, depending on the specific circumstances. Cisco partners can review this URL for more details: https://www.cisco.com/c/dam/en/us/products/se/2021/6/Business_Unit/What_s_New_in_Cisco_SD-Access_2_2_2_4_-_v1_01__Partner.pdf
Best regards, Jerome
Any new information? Link is dead by the way.
We support MACsec in SD-Access Fabric using templates or manual CLI.
Switch-to-switch MACsec in SD-Access has been validated using pre-shared key (PSK) key-chains.
Routing platforms have not been validated for MACsec in an SD-Access Fabric.
aes-256-cmac has been validated for the MACsec Keychain Cryptographic-Algorithm.
gcm-aes-256 has been validated for the MKA Policy Cipher-Suite.
Switch-to-host MACsec in SD-Access has been validated using a dynamically authorization result from ISE wherein the encryption policy is returned with the authorization result.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: