cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
947
Views
2
Helpful
4
Replies

MACSEC passthrough on C9500

Hello,

I have two third-party device connected to one C9500 and I would like to establish MacSec between them. I know by default macsec traffic is forwarded to MKA MAC address 01:80:C2:00:00:03, and that the default ether-type is 0x888e. Cisco enables you to change the default values of both, but the third-party devices doesent have this option. Does anybody know if this is possible?

I tried playing around with eapol dst-addr and eapol eth-type but to no success.

TY

****Kindly rate all useful posts*****
4 Replies 4

Hi

 Which version do you have? 

Configures an ethernet type (Hexadecimal) for the EAPoL Frame on the interface.

Note 

From Cisco IOS Release XE 3.17, the macsec eth-type command has been replaced by the eapol eth-type command.

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/macsec/configuration/xe-3s/macsec-xe-3s-book.html#task_1573E9C7150F4451981F493D0B7859CB 

 

I have 17.6, but tried 17.10 also. The eapol eth-type dosent solve the issue for me. I'm testing it it the lab - I have two 9200 connected to one 9500 and cannot establish macsec over the switch. 

****Kindly rate all useful posts*****

I dont get, this issue between Cisco SW or between Cisco SW and 3'rd device ?

Sorry for the late reply. The issue is that Cisco automatically sends the macsec packets to its CPU. But I want it to passthrough it.

****Kindly rate all useful posts*****
Review Cisco Networking for a $25 gift card