Solved: Hardware Based Encryption

Imran Ahmad · ‎09-22-2012

Hello Guys,

Is there any way to encrypt data travelling on WAN link without establishing VPN between sites ? if yes please let me know what hardware can do this task

I m asking this question because >

We have an existing HQ with 20-existing branches connected to HQ through VPN links over internet cloud. and we are planning to discard 3 of the existing branches internet link and provide them DATA-Link through micro-wave, so while they are connected through micro-wave data-link the actual data which is transmitted between those 3-branches to HQ will not be encrypted because we are not going to establish vpn between HQ and those 3-brs. so here we want to have some sort of Router to encrypt the data at Hardware Level without needing to have vpn link established.

Marvin Rhoads · ‎09-22-2012

You can use MACsec switch to switch if you have the right hardware. See this matrix.

View solution in original post

Marvin Rhoads · ‎09-23-2012

It's pretty new technology and usually done as part of an ISE deployment. The matrix I linked to earlier has the hardware you'd need. Software is generally a very recent release - e.g. 12.2(55)SE or later. The respective software configuration guides have the details. For instance, here is the one for 3560X/3750X 12.2(55)SE:

http://www.cisco.com/en/US/docs/switches/lan/catalyst3750x_3560x/software/release/12.2_55_se/configuration/guide/sw8021x.html#wp1316722

Frankly, MACsec isn't a "magic bullet" and you will find a lot more information and assistnace if you continue to use VPN technology. Why do you want to get awaay from that?

View solution in original post

Marvin Rhoads · ‎09-22-2012

You can use MACsec switch to switch if you have the right hardware. See this matrix.

Imran Ahmad · ‎09-22-2012

Thank you Marvin.

I have never heard or done the MACsec configuration. For a complete setup of MACsec can you please help me what are the requirement on Hardware and Software point & and what steps i should take on the configuration of this.

I would appreciate your assistance

Marvin Rhoads · ‎09-23-2012

It's pretty new technology and usually done as part of an ISE deployment. The matrix I linked to earlier has the hardware you'd need. Software is generally a very recent release - e.g. 12.2(55)SE or later. The respective software configuration guides have the details. For instance, here is the one for 3560X/3750X 12.2(55)SE:

http://www.cisco.com/en/US/docs/switches/lan/catalyst3750x_3560x/software/release/12.2_55_se/configuration/guide/sw8021x.html#wp1316722

Frankly, MACsec isn't a "magic bullet" and you will find a lot more information and assistnace if you continue to use VPN technology. Why do you want to get awaay from that?

Imran Ahmad · ‎09-25-2012

Thank you for the info

You mean we must have either ISE or Cisco ACS in our network to deploy TrustSec ? without that it is not possible ?

the link you sent it has the docs, but do you have any live configuration of a network where TrustSec is fully setup and configured ?

one thing else, i m searching to purchase a Vedio Training on Cisco ACS for Windows. because i tried and wasted alot of my time on reading pdf docs which are availble on cisco webside , but it could not help me more than 30%. and still i have not been able to deploy cisco acs at our network. do you have any reference to provide me ?