08-26-2015 07:06 AM - edited 03-08-2019 01:31 AM
Hi all,
The current setup:
We have 4 Cisco Catalyst 4500X switches in two different buildings. In each building we have a VSS; both VSSes are interconnected by a PAgP port-channel composed of link 1 and link 2.
+-------------------+   VSL    +-------------------+
| Switch 1: (4500X) |==========| Switch 2: (4500X) |
+-------------------+          +-------------------+
          ¦                              ¦
          ¦                              ¦
          ¦                              ¦
          ¦ Link 1                       ¦ Link 2
          ¦                              ¦
          ¦                              ¦
          ¦                              ¦
+-------------------+   VSL    +-------------------+
| Switch 3: (4500X) |==========| Switch 4: (4500X) |
+-------------------+          +-------------------+
We would like to use MACsec encryption between both VSSes in manual mode, without an authentication server. Is that possible and which firmware version is needed for the setup?
Does anyone have a comparable installation? What are the pitfalls that one has to pay attention to?
Regards,
Gilles
08-27-2015 05:27 AM
Hello,
some more information:
Gilles
09-24-2015 06:10 AM
I have a really similar setup... but it's not easy to find documentation.
Is an additional module necessary?
By the way, 3.5.x is fine
From the Release notes:
MACSec Encryption on Cisco Catalyst 4500-X
- IEEE 802.1ae MACSec Layer 2 encryption
- IEEE 802.1ae MACSec encryption on user-facing ports
- IEEE 802.1ae MACSec encryption between switch-to-switch links using Cisco Security Association
A.