Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
711
Views
0
Helpful
4
Replies

MAC Sec - who uses it etc

carl_townshend
Spotlight
Spotlight

‎10-08-2019 03:57 AM

Hi All

Can anyone tell me if they use Macsec and why?

We have some ethernet circuits to remote sites and we need to look at encryption.

Is it easy to do switch to switch encryption, much config involved?

does this bring the throughput down on the switch or is it done in asics?

cheers

Labels:
0 Helpful
4 Replies 4

mwood000111
Level 1
Level 1

‎10-08-2019 07:04 AM

We attempted to use it in our VPLS mesh setup but was not successful.  Only could be really used for point to point.  We stood up two sites but once we added the third leg, that broke it down.  Cisco stated they couldnt support this design.  This was after a few months of troubleshooting, code upgrades to address this issue (using a C9300 and moving to 16.9.1).  Config was pretty basic.  Cant say if the throughput was impacted or not as we were not able to fully implement.  Useful link below for the C9300 platform.  HTH.

 

https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst9300/software/release/16-6/configuration_guide/sec/b_166_sec_9300_cg/macsec_encryption.html#task_CCBD6C0C4B07493BB5531708AE622C61

0 Helpful

mlund
Level 7
Level 7

‎10-11-2019 02:13 AM

Hi

I have done it, reason is gouvernment regulations.

And it's done in hardware so no impact on throughput. example config

interface x/y/z

cts manual
 no propagate sgt
 sap pmk 0000000000000000000000000000000000000000000000000000001234ABCDEF mode-list gcm-encrypt

the same in both switches.

/Mikael

0 Helpful

carl_townshend
Spotlight
Spotlight
In response to mlund

‎10-15-2019 01:32 AM

Hi there

can you tell me what each command does?

is there a key you put in which has to match each end?

 

0 Helpful

Deepak Kumar
VIP Alumni
VIP Alumni
In response to carl_townshend

‎10-15-2019 02:33 AM

Hi,

Here is the complete guide for the same:

https://www.cisco.com/c/en/us/td/docs/switches/lan/trustsec/configuration/guide/trustsec/command_sum.html#79442

 

Regards,
Deepak Kumar,
Don't forget to vote and accept the solution if this comment will help you!
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card