ā04-29-2023 08:33 AM
According to the configuration guide
that N9K-X9736C-FX line card support both breakout cable and MACsec function.
We would like to have a secure link between two switches. The link between N9K switch and a new Nexus switch might be a 1 GE or 10GE speed provided by local ISP.
Can I configure MACsec on a breakout port with remote Nexus switch's 10GE port or a breakout port?
ā04-29-2023 01:20 PM
As long as the other switch you are trying to connect to support MACsec, it should work. When using a breakout cable, MACsec policy applies to all ports and not just to one of them. Have a look at this config example between 2 switches.
HTH
ā04-29-2023 01:32 PM
Hi
As per the link you share, yes, you can. They mention, however, this restriction here:
"All breakout ports should have the same MACsec policy. However, the breakout ports can have different keychains. We do not support having some breakout ports with one MACsec policy and others with different MACsec policy. A port cannot be without a MACsec policy. If you do not configure a policy on an interface, by default, the system-default-macsec-policy is applied."
ā06-14-2023 02:42 AM
Just one more question regarding this issue:
Is there any obstacle to configure MACsec between Nexus and catalyst Switches?
Many thanks in advance.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: