cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1275
Views
5
Helpful
3
Replies

MACsec with SDA roadmap

kklyubin
Cisco Employee
Cisco Employee

Hi All,

Hope you’re doing well!

 

Just one small question – if MACsec support is on the roadmap for SD-Access? Or there are no plans to support it at all?

 

Any input would be very welcome

3 Replies 3

jedolphi
Cisco Employee
Cisco Employee

Hello Katerina,

Update: In Cisco SD-Access  2.2.2.x there is some support for MACsec, depending on the specific circumstances. Cisco partners can review this URL for more details: https://www.cisco.com/c/dam/en/us/products/se/2021/6/Business_Unit/What_s_New_in_Cisco_SD-Access_2_2_2_4_-_v1_01__Partner.pdf

Best regards, Jerome

Any new information? Link is dead by the way.

We support MACsec in SD-Access Fabric using templates or manual CLI.

 

  • Switch-to-switch MACsec in SD-Access has been validated using pre-shared key (PSK) key-chains.

  • Routing platforms have not been validated for MACsec in an SD-Access Fabric.

  • aes-256-cmac has been validated for the MACsec Keychain Cryptographic-Algorithm.

  • gcm-aes-256 has been validated for the MKA Policy Cipher-Suite.

  • Switch-to-host MACsec in SD-Access has been validated using a dynamically authorization result from ISE wherein the encryption policy is returned with the authorization result.