cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1201
Views
5
Helpful
3
Replies

MACsec with SDA roadmap

kklyubin
Cisco Employee
Cisco Employee

Hi All,

Hope you’re doing well!

 

Just one small question – if MACsec support is on the roadmap for SD-Access? Or there are no plans to support it at all?

 

Any input would be very welcome

3 Replies 3

jedolphi
Cisco Employee
Cisco Employee

Hello Katerina,

Update: In Cisco SD-Access  2.2.2.x there is some support for MACsec, depending on the specific circumstances. Cisco partners can review this URL for more details: https://www.cisco.com/c/dam/en/us/products/se/2021/6/Business_Unit/What_s_New_in_Cisco_SD-Access_2_2_2_4_-_v1_01__Partner.pdf

Best regards, Jerome

Any new information? Link is dead by the way.

We support MACsec in SD-Access Fabric using templates or manual CLI.

 

  • Switch-to-switch MACsec in SD-Access has been validated using pre-shared key (PSK) key-chains.

  • Routing platforms have not been validated for MACsec in an SD-Access Fabric.

  • aes-256-cmac has been validated for the MACsec Keychain Cryptographic-Algorithm.

  • gcm-aes-256 has been validated for the MKA Policy Cipher-Suite.

  • Switch-to-host MACsec in SD-Access has been validated using a dynamically authorization result from ISE wherein the encryption policy is returned with the authorization result.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers