Re: MACSec support on Cisco Nexus 9000

nips · ‎10-07-2024

Hi All,

I need to know can we encrypt switch-to-host and switch-to-firewall traffic in Nexus 9000 switches using MACSec feature.

As well need to know the license which support MACSec in Nexus 9000.

Thanks

Pavel Tarakanov · ‎10-07-2024

Please find configuration guide:

https://www.cisco.com/c/en/us/td/docs/dcn/nx-os/nexus9000/103x/configuration/security/cisco-nexus-9000-nx-os-security-configuration-guide-103x/m-configuring-macsec.html

Licensing information:

https://www.cisco.com/c/en/us/td/docs/switches/datacenter/licensing-options/cisco-nexus-licensing-options-guide.html

DanielP211 · ‎10-09-2024

Hello!

You need the extra security add-on license. Based on your system (NX-OS or ACI) for clasic nxos- NXOS-SEC-XF license or for ACI ACI-SEC-XM or ACI-SEC-XF.

I don't belive FTD supports macsec. Which device would you establish macsec to?

BR

****Kindly rate all useful posts*****

nips · ‎10-09-2024

@DanielP211 Actually The firewalls are Checkpoint, Fortinet and Palo. There are Bare metal servers and VM hosts. Requirement is encrypting the traffic switch to all these nodes