04-06-2021 11:39 PM
We want to implement a feature like this: transfer data encrypted by MACSEC between the uplink ports on our device with Cisco's device in switch-to-switch mode. (The CAK is manually configured. SAK is generated and updated following MKA protocol. Calling MACSEC API to configure PHY chip.)
Is it possible to create a MACSEC link between a Cisco device and another vendor device in switch-to-switch mode? (I saw that "Cisco TrustSec device" is required for MACSEC feature) If it can, what's the configure on the Cisco device side?
Thanks
Solved! Go to Solution.
04-07-2021 02:53 AM
Hello
I would have thought it would be however It seems non cisco isn’t supported, unless that is ive misinterpreted the MACsec documentation.
MACSEC:
Two keying mechanisms are available: Security Association Protocol (SAP) and MAC Security Key Agreement (MKA).
SAP is a proprietary Cisco®keying protocol used between Cisco switches
04-07-2021 02:53 AM
Hello
I would have thought it would be however It seems non cisco isn’t supported, unless that is ive misinterpreted the MACsec documentation.
MACSEC:
Two keying mechanisms are available: Security Association Protocol (SAP) and MAC Security Key Agreement (MKA).
SAP is a proprietary Cisco®keying protocol used between Cisco switches
04-07-2021 05:54 AM
Hi Paul,
Thanks for your reply. By searching your comments as the keyword, I got the guide
Inside the guide, it describes "the switch-to-switch encryption uses Cisco’s proprietary SAP instead of MKA", be consistant with your reply.
Regards,
Lun
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide