Buy or Renew
Buy or Renew
COMING SOON: Umbrella and Secure Access release notes are coming to Cisco Community. The community will be in read-only August 16 – 19. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
382
Views
0
Helpful
0
Replies

MACSEC Through a Nexus 93180

Daniel Smith
Level 1
Level 1

‎03-13-2023 04:36 AM

I am lab testing a MACSEC configuration from an NCS55A2 to an ISR4431. However, the NCS only does macsec on 10G or higher interfaces, so I have made a switchport connection, access-mode same vlan, such that the NCS can connect at 10G and the ISR at 1G. Before doing any macsec work, I have confirmed the two can at least ping each other through that set up. When I go to configure basic macsec (just PSK and default policy), both devices show this:

Status: Init - Searching for Peer (Waiting to receive first Peer MKPDU)

It is as though the Nexus in this case is intercepting the macsec packets and they are not traversing that test set up. The final design is that the NCS connects to transport at 10G, and the ISR connects to the same transport environment at 1G, with a logical circuit built between them.

Thanks in advance for any suggestions!

 

 

Labels:
0 Helpful
0 Replies 0
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card