Buy or Renew
Buy or Renew
Register Here! - Join us 11/13 for the "Navigating DHCP Processes in SD-Access Network" Community Live event
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3432
Views
5
Helpful
6
Replies

MACsec with SDA roadmap

kklyubin
Cisco Employee
Cisco Employee

‎04-09-2020 01:29 AM

Hi All,

Hope you’re doing well!

 

Just one small question – if MACsec support is on the roadmap for SD-Access? Or there are no plans to support it at all?

 

Any input would be very welcome

3 people had this problem
Labels:
0 Helpful
6 Replies 6

jedolphi
Cisco Employee
Cisco Employee

‎04-09-2020 03:15 AM - edited ‎09-06-2021 08:22 PM

Hello Katerina,

Update: In Cisco SD-Access  2.2.2.x there is some support for MACsec, depending on the specific circumstances. Cisco partners can review this URL for more details: https://www.cisco.com/c/dam/en/us/products/se/2021/6/Business_Unit/What_s_New_in_Cisco_SD-Access_2_2_2_4_-_v1_01__Partner.pdf

Best regards, Jerome

0 Helpful

M@rco
Level 1
Level 1
In response to jedolphi

‎05-11-2022 01:02 PM

Any new information? Link is dead by the way.

0 Helpful

Jonathan Cuthbert
Cisco Employee
Cisco Employee
In response to M@rco

‎05-11-2022 02:02 PM - edited ‎05-11-2022 02:04 PM

We support MACsec in SD-Access Fabric using templates or manual CLI.

 

  • Switch-to-switch MACsec in SD-Access has been validated using pre-shared key (PSK) key-chains.

  • Routing platforms have not been validated for MACsec in an SD-Access Fabric.

  • aes-256-cmac has been validated for the MACsec Keychain Cryptographic-Algorithm.

  • gcm-aes-256 has been validated for the MKA Policy Cipher-Suite.

  • Switch-to-host MACsec in SD-Access has been validated using a dynamically authorization result from ISE wherein the encryption policy is returned with the authorization result.

fernando-diaz
Level 1
Level 1
In response to Jonathan Cuthbert

‎10-23-2024 09:43 PM

Hello Jonathan,

It's a pleasure to greet you.

I want to know in what exact scenario MACSEC switch-to-host works in SD-Access.
I currently have an SD-Access network and the MACSEC switch-to-host generates problems when DHCP negotiation of the host. With MACSEC enabled, the host does not receive an IP address.

 Do you have any Cisco documents showing that MACSEC Switch-to-host is supported in SD-Access networks?

0 Helpful

norberto.padin
Level 1
Level 1
In response to Jonathan Cuthbert

‎11-15-2024 12:36 PM

Hello Jonatahan, as of today code, do we support host-to-switch MacSec with SD-Access in the Cat9300?

TIA.

0 Helpful

jedolphi
Cisco Employee
Cisco Employee
In response to norberto.padin

‎11-18-2024 02:27 AM

Largely not supported unfortunately. Please speak to your sales team about roadmap. See TrustSec section of 17.15 release notes, https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst9300/software/release/17-15/release_notes/ol-17-15-9300.html

 

0 Helpful
Customers Also Viewed These Support Documents