
L2 encryption

nika.katsitadze
Level 1

Hello

I have 2 sites connected with dark fiber, and I want to encrypt data between these sites. Which switch will encrypt data?


You are looking for MACsec, which is supported on a couple of the newer switches such as the 3750-X:

http://www.cisco.com/en/US/partner/solutions/collateral/ns170/ns896/ns1051/product_bulletin_c25-712066.html

-- 
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni

Sandeep Choudhary
VIP Alumni

Hi Nika,

If you are saying L2 encryption, then:

The feature you're looking for is called MACsec: http://www.cisco.com/en/US/docs/switches/lan/trustsec/configuration/guide/config.html

Devices that support MACsec are 3560-X, 3750-X, 4500, 6500 and Nexus 7000. (Better to consult with Cisco.)

It seems it's not supported on plain 3560 and 3750.

My suggestion:

Frankly speaking, if you have 2 ASAs you would simply run a site-to-site VPN between the 2 sites and use IPSEC to encrypt the traffic.

Regards

Please rate if it helps.

> Frankly speaking, if you have 2 ASAs you would simply run a site-to-site VPN between the 2 sites and use IPSEC to encrypt the traffic.

That will probably not be the best solution. You need the expensive high-end models to transmit the data with gigabit or more, and you lose flexibility as it will always be a routed solution with ASA VPNs.

-- 
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni

Hi Karsten,

Thanks for the answer.

> That will probably not be the best solution. You need the expensive high-end models to transmit the data with gigabit or more, and you lose flexibility as it will always be a routed solution with ASA VPNs.


I suggested this solution because not many switches support MACsec, and it is still not clear which switches support it and which do not, so the best option is to use a site-to-site VPN connection between the 2 remote offices with ASAs, and you can encrypt the traffic with IPsec.

Regards
