Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
954
Views
0
Helpful
1
Replies

Cisco Trustsec across QinQ provider network

cbeswick
Level 1
Level 1

‎06-26-2014 11:37 PM - edited ‎03-07-2019 07:50 PM

Hi,

We are thinking of using manual CTS encryption on either natively routed ports, or Vlans / SVIs  (Nexus 7ks) to form OSPF adjacencies, but need to understand if this will work across a providers QinQ network. It is my understanding that Trustsec encrypts the 802.1q VLAN tag so ultimately the WAN Provider will receive an untagged packet. So in both cases whether we use a natively routed port, or a Vlan with SVIs, the frames will be untagged.

So I suppose what I am asking is: Can a QinQ WAN provider accept untagged frames, or do frames have to ingress into the providers network with an underlying Vlan Tag in place?

 

Thanks in advance.

 

Chris.

1 person had this problem
Labels:
0 Helpful
1 Reply 1

kerstin-534
Level 1
Level 1

‎06-30-2014 01:29 AM

Hi Chris,

from my tests MacSEC (manual CTS) does not work across QinQ because gcm-encrypt does authenticate via 802.1x (EAPOL frames). And EAPOL ist not tunneled. EAPOL is grabbed by the QinQ interface.

br Fritz

 

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card