Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
279
Views
0
Helpful
1
Replies

Trustsec question

katerina.dardoufa
Level 4
Level 4

‎11-13-2014 12:39 AM - edited ‎03-07-2019 09:29 PM

Hello community,

 

I was wondering if someone can shed any light on this...

We have two buildings which we intend to connect via two different providers (probably metroethernet links). The two buildings will be on the same VTP domain (vlan extension from one building to the other - the providers will implement .1Q tunnelling). The links will be bundled, using etherchannel on 4507 switches - one on each location.

In order to encrypt traffic we were thinking of implementing trustsec between the two switches. As I understand trustsec can only be configured on physical interfaces. As stated above we want to use etherchannel. Is that a problem?

Since the providers' switches are in the physical path between the two sites, do those too fall into the equation? Do they have to be macsec capable or since the traffic will be already encapsulated (.1Q tunneling) they don't care?

 

Any ideas will be really helpful!

 

Thank you in advance,

Katerina
 

Labels:
0 Helpful
1 Reply 1

katerina.dardoufa
Level 4
Level 4

‎11-13-2014 06:01 AM

MacSec operates on a hop-by-hop basis, therefore in order to implement macsec all the equipment in the path must be managed by us.

So, since we will be going through the providers' metroethernet, macsec seems to be out of the question.

VPLS must be the answer!

0 Helpful
Customers Also Viewed These Support Documents