04-09-2020 01:29 AM
Hi All,
Hope you’re doing well!
Just one small question – if MACsec support is on the roadmap for SD-Access? Or there are no plans to support it at all?
Any input would be very welcome
04-09-2020 03:15 AM - edited 09-06-2021 08:22 PM
Hello Katerina,
Update: In Cisco SD-Access 2.2.2.x there is some support for MACsec, depending on the specific circumstances. Cisco partners can review this URL for more details: https://www.cisco.com/c/dam/en/us/products/se/2021/6/Business_Unit/What_s_New_in_Cisco_SD-Access_2_2_2_4_-_v1_01__Partner.pdf
Best regards, Jerome
05-11-2022 01:02 PM
Any new information? Link is dead by the way.
05-11-2022 02:02 PM - edited 05-11-2022 02:04 PM
We support MACsec in SD-Access Fabric using templates or manual CLI.
Switch-to-switch MACsec in SD-Access has been validated using pre-shared key (PSK) key-chains.
Routing platforms have not been validated for MACsec in an SD-Access Fabric.
aes-256-cmac has been validated for the MACsec Keychain Cryptographic-Algorithm.
gcm-aes-256 has been validated for the MKA Policy Cipher-Suite.
Switch-to-host MACsec in SD-Access has been validated using a dynamically authorization result from ISE wherein the encryption policy is returned with the authorization result.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: