04-12-2023 07:26 AM
Hello,
Our security department is concerned that in our office a 3rd party is able to connect to our distribution and/or floor switch by cutting the fiber uplink and connecting to one of the 2 switches.
Therefore my question is: is there any security/authentication feature available on Cat9k that guarantees that nobody else can intercept the uplink? Encryption comes to my mind, but I expect this at extra cost.
04-12-2023 07:31 AM
This cannot be done via L2, I think.
Instead, use a policy so that a 3rd-party host has access to specific resources and others are denied.
So there are multiple ACLs you can configure here:
- PACL
- VLAN ACL
04-12-2023 07:47 AM
There are a couple of ways to do this when it transits public infrastructure like the Dark Fibre you mentioned.
You can enable MACsec between switches; that is the reason Cat 9K supports the Layer 2 MACsec feature.
Have a look at the config guide below:
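The switch-to-switch MACsec setup suggested in this reply, sketched as an added example (not part of the original post and not taken from the Cisco config guide). The key chain name, policy name, interface and 128-bit cipher choice are assumptions, and the key string is a placeholder; apply the same configuration on both ends of the uplink.

```cisco
! Added example. Names KC-UPLINK / MKA-UPLINK and the interface are hypothetical.
!
! Pre-shared CAK used by MKA (MACsec Key Agreement) on both switches.
! The key ID and key-string must match on both ends of the link.
key chain KC-UPLINK macsec
 key 01
  cryptographic-algorithm aes-128-cmac
  key-string <32-HEX-CHARACTER-CAK-PLACEHOLDER>
!
! MKA policy selecting the cipher suite for the secured channel.
! 128-bit suite chosen here as an assumption; check what your
! platform and license level support before choosing another.
mka policy MKA-UPLINK
 macsec-cipher-suite gcm-aes-128
!
! Fiber uplink between floor switch and distribution switch.
interface TenGigabitEthernet1/1/1
 switchport mode trunk
 ! Enable MACsec for a switch-to-switch (network) link
 macsec network-link
 ! Bind the MKA policy and the pre-shared key chain to the port
 mka policy MKA-UPLINK
 mka pre-shared-key key-chain KC-UPLINK
```

After both sides are configured, `show mka sessions` and `show macsec interface TenGigabitEthernet1/1/1` show whether the session is secured. A device spliced into the fiber without the CAK cannot complete MKA with either switch.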
04-12-2023 08:13 AM
I just checked for the Catalyst 9200... my fear was extra costs... but it seems MACsec is already included in the Essentials license.
Anyway, any other ideas?
04-12-2023 08:30 AM - edited 04-12-2023 08:30 AM
"anyway, any other ideas?"
Post your question in the Security forum.