Hope you’re doing well!
Just one small question – if MACsec support is on the roadmap for SD-Access? Or there are no plans to support it at all?
Any input would be very welcome
Update: In Cisco SD-Access 2.2.2.x there is some support for MACsec, depending on the specific circumstances. Cisco partners can review this URL for more details: https://www.cisco.com/c/dam/en/us/products/se/2021/6/Business_Unit/What_s_New_in_Cisco_SD-Access_2_2_2_4_-_v1_01__Partner.pdf
Best regards, Jerome
Any new information? Link is dead by the way.
We support MACsec in SD-Access Fabric using templates or manual CLI.
Switch-to-switch MACsec in SD-Access has been validated using pre-shared key (PSK) key-chains.
Routing platforms have not been validated for MACsec in an SD-Access Fabric.
aes-256-cmac has been validated for the MACsec Keychain Cryptographic-Algorithm.
gcm-aes-256 has been validated for the MKA Policy Cipher-Suite.
Switch-to-host MACsec in SD-Access has been validated using a dynamically authorization result from ISE wherein the encryption policy is returned with the authorization result.