Nexus 7000 trunk encryption?

franciscomuniz
Level 1

Hi,

I see that the Nexus supports wire-speed AES encryption, however this is in the context of TrustSec, which begins at the server/client.

Is it possible to encrypt just the trunk links, without changing the servers? We'd like to encrypt the inter-DC links.

Thanks everyone!

Accepted Solutions

Atif Awan
Cisco Employee

franciscomuniz wrote:

Hi,

I see that the Nexus supports wire-speed AES encryption, however this is in the context of TrustSec, which begins at the server/client.

Is it possible to encrypt just the trunk links, without changing the servers? We'd like to encrypt the inter-DC links.

Thanks everyone!

You can use CTS for point-to-point encryption for your DCI links. The following URL has a configuration example for this:

http://www.ciscopress.com/articles/article.asp?p=1395746&seqNum=7

Keep in mind that it is point-to-point encryption so either you extend Layer-2 between Data Centers or have them connected via dark fibers.

Atif


Thanks! Just what I was looking for.

Do you know if it works on L3 (i.e. "no switchport") links?

Just curious, as I can do it like the example in any case.

franciscomuniz wrote:

Thanks! Just what I was looking for.

Do you know if it works on L3 (i.e. "no switchport") links?

Just curious, as I can do it like the example in any case.

I have not used it but I do not see a reason why it should not work with Layer-3 point-to-point links.

Atif
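For the CTS point-to-point link encryption suggested in the accepted answer, one check worth automating is that every DCI interface really has a SAP mode that encrypts, not one that only authenticates or does nothing. The following is an added example, not code from the thread or from Cisco: it assumes CTS manual mode (`cts manual` with `sap pmk ... modelist ...`), and the function name, interface names and running-config excerpt are constructed for illustration.

```python
import re

# Constructed NX-OS running-config excerpt (not from the thread); PMKs are placeholders.
SAMPLE_CONFIG = """\
feature dot1x
feature cts
interface Ethernet1/1
  switchport mode trunk
  cts manual
    sap pmk <PLACEHOLDER-PMK> modelist gcm-encrypt
interface Ethernet1/2
  switchport mode trunk
  cts manual
    sap pmk <PLACEHOLDER-PMK> modelist gmac
interface Ethernet1/3
  switchport mode trunk
interface Ethernet1/4
  switchport mode trunk
  cts manual
    sap pmk <PLACEHOLDER-PMK>
"""

def audit_link_encryption(config, links):
    """Map each interface in `links` to its CTS/SAP encryption status."""
    blocks, current = {}, None
    for line in config.splitlines():
        header = re.match(r"interface\s+(\S+)", line)
        if header:
            current = header.group(1)
            blocks[current] = []
        elif current and line[:1].isspace():
            blocks[current].append(line.split())
        else:
            current = None  # a top-level line closes the interface block
    status = {}
    for name in links:
        lines = blocks.get(name)
        sap = next((t for t in lines or [] if t[:2] == ["sap", "pmk"]), None)
        if lines is None:
            status[name] = "missing"           # interface not in the config
        elif ["cts", "manual"] not in lines or sap is None:
            status[name] = "no-cts"            # no link-layer protection configured
        elif "modelist" not in sap:
            status[name] = "mode-unspecified"  # platform default; confirm on the device
        elif sap[sap.index("modelist") + 1:][:1] == ["gcm-encrypt"]:
            status[name] = "encrypted"         # confidentiality and integrity
        else:
            status[name] = "not-encrypted"     # gmac, no-encap or null
    return status
```

Run it against the saved configuration of both switches at each end of a DCI link, since the SAP settings have to match on the two peers.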
