Nexus 5k/5500 and 802.1AE aka MacSec aka TrustSec Layer 2 crypto

Juergen Meier · ‎05-05-2011

There is very little and quite diverse Information regarding the if, where and how of a Nexus 5000 or 5500 series Switch and support for IEEE 802.1AE Link Layer Encryption (also called MACsec).

For example: the official FAQ denies that the Nexus 5500-series supports 802.1AE at all, while the data sheet says that only "downlink ports" are supported (host access).

On the Nexus 7000 platform the 802.1AE link layer encryption is part of TrustSec (feature cts) and much better documented.

The Question is: If and under which circumstances (configuration, L3 modules, license, NX/OS version) does a Nexus 5k or 5500 series Switch support 802.1AE on 1G or 10G interfaces that are directly connected to a Nexus 7000 (with the necessary cts feature licensed/configured)?

mmacdonald70 · ‎05-12-2011

I just had a big discussioin with my SE about this. There is no hardware support for 802.1AE on any Nexus 5k platform.

MDonchatz · ‎06-04-2013

Any update on this? Thanks!

~Mike D

Good luck & HTH, please rate posts that are helpful.

Thank you
Michael Donchatz,CCIE(DC)#46605, VCIX-NV, NCDA

Sandip Rathod · ‎04-03-2014

Hi Mike

802.1ae not supported on any of the N5K device

Regards,

Sandip

rvdoever · ‎11-14-2017

How about the Nexus 5672? At least found no reference to MacSec in the docs, only TrustSec.