10-08-2019 03:57 AM
Hi All
Can anyone tell me if they use MACsec and why?
We have some Ethernet circuits to remote sites and we need to look at encryption.
Is it easy to do switch-to-switch encryption? Is much config involved?
Does this bring the throughput down on the switch, or is it done in ASICs?
Cheers
10-08-2019 07:04 AM
We attempted to use it in our VPLS mesh setup but were not successful. It could really only be used for point-to-point. We stood up two sites, but once we added the third leg, that broke it down. Cisco stated they couldn't support this design. This was after a few months of troubleshooting and code upgrades to address this issue (using a C9300 and moving to 16.9.1). Config was pretty basic. Can't say if the throughput was impacted or not, as we were not able to fully implement. Useful link below for the C9300 platform. HTH.
10-11-2019 02:13 AM
Hi
I have done it; the reason is government regulations.
And it's done in hardware, so no impact on throughput. Example config:

interface x/y/z
 cts manual
  no propagate sgt
  sap pmk 0000000000000000000000000000000000000000000000000000001234ABCDEF mode-list gcm-encrypt

The same in both switches.
/Mikael
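
As an added example that is not part of the original post and not Cisco tooling: a Python check that both ends of a link carry the same `sap pmk` value and a common mode, and that flags a PMK made mostly of leading zeros like the placeholder in the config above. The interface name, the 128-bit threshold and the sample configs are assumptions constructed for illustration.

```python
import re

# Constructed sample configs (not from a real device). The PMK is the
# placeholder value from the post above, reused on purpose.
SWITCH_A = """\
interface TenGigabitEthernet1/1/1
 cts manual
  no propagate sgt
  sap pmk 0000000000000000000000000000000000000000000000000000001234ABCDEF mode-list gcm-encrypt
"""
SWITCH_B = SWITCH_A.replace("1234ABCDEF", "1234abcdee")  # one-digit typo on the far end

SAP_RE = re.compile(r"^\s*sap pmk\s+([0-9A-Fa-f]+)\s+mode-list\s+(.+?)\s*$")

def parse_sap(config):
    """Return {interface: (pmk_hex_upper, [modes])} for interfaces with 'sap pmk'."""
    result, iface = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            iface = line.split(None, 1)[1].strip()
        elif iface and (m := SAP_RE.match(line)):
            result[iface] = (m.group(1).upper(), m.group(2).split())
    return result

def effective_bits(pmk_hex):
    """Bits left once leading zero digits are dropped (a rough guessability bound)."""
    return len(pmk_hex.lstrip("0")) * 4

def audit_link(cfg_a, if_a, cfg_b, if_b, min_bits=128):  # min_bits is an assumed policy
    """Compare both ends of one link; return a list of findings (empty = OK)."""
    a, b = parse_sap(cfg_a).get(if_a), parse_sap(cfg_b).get(if_b)
    if a is None or b is None:
        return ["sap pmk missing on at least one end"]
    findings, common = [], set(a[1]) & set(b[1])
    if a[0] != b[0]:
        findings.append("PMK mismatch between ends")
    if not common:
        findings.append("no common mode in mode-list")
    if "gcm-encrypt" not in common:
        findings.append("gcm-encrypt not offered by both ends")
    for name, (pmk, _) in (("A", a), ("B", b)):
        if effective_bits(pmk) < min_bits:
            findings.append(f"end {name}: PMK has only {effective_bits(pmk)} significant bits")
    return findings

if __name__ == "__main__":
    IF = "TenGigabitEthernet1/1/1"  # hypothetical interface name
    for finding in audit_link(SWITCH_A, IF, SWITCH_B, IF):
        print("FINDING:", finding)
```
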
10-15-2019 01:32 AM
Hi there
Can you tell me what each command does?
Is there a key you put in which has to match at each end?
10-15-2019 02:33 AM
Hi,
Here is the complete guide for the same: