Can a Cisco device work with another vendor's device for the MACSEC function in switch-to-switch mode?

LunY
Level 1

We want to implement a feature like this: transfer data encrypted by MACSEC between the uplink ports on our device with Cisco's device in switch-to-switch mode. (The CAK is manually configured. SAK is generated and updated following MKA protocol. Calling MACSEC API to configure PHY chip.)

Is it possible to create a MACSEC link between a Cisco device and another vendor's device in switch-to-switch mode? (I saw that a "Cisco TrustSec device" is required for the MACSEC feature.) If so, what is the configuration on the Cisco device side?

Thanks

Accepted Solutions

Hello
I would have thought it would be; however, it seems non-Cisco isn’t supported, unless, that is, I've misinterpreted the MACsec documentation.

MACSEC:
Two keying mechanisms are available: Security Association Protocol (SAP) and MAC Security Key Agreement (MKA). SAP is a proprietary Cisco® keying protocol used between Cisco switches


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Hi Paul,

Thanks for your reply. By searching with your comments as the keywords, I found this guide:

https://www.cisco.com/c/dam/en/us/solutions/collateral/enterprise/design-zone-security/how_to_intro_macsec_ndac_guide.pdf

Inside the guide, it describes "the switch-to-switch encryption uses Cisco’s proprietary SAP instead of MKA", which is consistent with your reply.


Regards,

Lun
