04-18-2023 09:35 AM
Hello,
I have two third-party device connected to one C9500 and I would like to establish MacSec between them. I know by default macsec traffic is forwarded to MKA MAC address 01:80:C2:00:00:03, and that the default ether-type is 0x888e. Cisco enables you to change the default values of both, but the third-party devices doesent have this option. Does anybody know if this is possible?
I tried playing around with eapol dst-addr and eapol eth-type but to no success.
TY
04-18-2023 11:53 AM
Hi
Which version do you have?
Configures an ethernet type (Hexadecimal) for the EAPoL Frame on the interface.
Note |
From Cisco IOS Release XE 3.17, the macsec eth-type command has been replaced by the eapol eth-type command. |
04-25-2023 12:03 AM
I have 17.6, but tried 17.10 also. The eapol eth-type dosent solve the issue for me. I'm testing it it the lab - I have two 9200 connected to one 9500 and cannot establish macsec over the switch.
04-18-2023 12:37 PM
I dont get, this issue between Cisco SW or between Cisco SW and 3'rd device ?
04-25-2023 12:02 AM
Sorry for the late reply. The issue is that Cisco automatically sends the macsec packets to its CPU. But I want it to passthrough it.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide