[c-nsp] Transparent WAN Encryption

Ian Henderson ianh at ianh.net.au
Sun Feb 2 23:23:06 EST 2014

On 3 Feb 2014, at 8:10 am, Antonio Soares <amsoares at netcabo.pt> wrote:

> I'm looking for the simplest way to do it. Most customers have L2
> connections between Data Centers. The edge device controlled by the customer
> is a Layer 2 Switch. The mechanisms like IPSec, GETVPN, FlexVPN, and so on,
> need a router in the edge. This implies modification of the customer's
> topologies. L2 encryption seems the perfect solution and it seems there are
> several options on the market.

What about MACsec? Works between 3560X/4500/4500X/Sup2T/etc for wire rate L2 encryption.

http://www.cisco.com/en/US/docs/switches/lan/catalyst4500/15.1/XE_330SG/configuration/guide/swmacsec.html#wp1334072 says:

This example shows how to configure Cisco TrustSec authentication in manual mode on an interface:
Switch# configure terminal
Switch(config)# interface tengiigabitethernet 1/1/2
Switch(config-if)# cts manual 
Switch(config-if-cts-manual)# sap pmk 1234abcdef mode-list gcm-encrypt null no-encap
Switch(config-if-cts-manual)# no propagate sgt
Switch(config-if-cts-manual)# exit 
Switch(config-if)# end

(It's a copy and paste, even the typos ;)).


- I.
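
The mode-list in the quoted `sap pmk` line names the SAP modes the port will negotiate, and only `gcm-encrypt` encrypts; `null` and `no-encap` leave traffic in clear. The following audit is an added example, not part of the original post or of Cisco's documentation: the function name `audit_sap_modes`, the second interface and its key placeholder are constructed for illustration.

```python
import re

# SAP mode-list keywords as described in Cisco's MACsec configuration guide.
SAP_MODES = {
    "gcm-encrypt": "authentication and encryption",
    "gmac": "authentication, no encryption",
    "null": "encapsulation, no authentication or encryption",
    "no-encap": "no encapsulation",
}
ENCRYPTING = {"gcm-encrypt"}
IF_RE = re.compile(r"^interface\s+(?P<name>\S.*)$", re.I)
SAP_RE = re.compile(r"^\s*sap\s+pmk\s+\S+(?:\s+mode-list\s+(?P<modes>.+))?$", re.I)

# Constructed sample: first stanza mirrors the post, second is hypothetical.
SAMPLE_CONFIG = """\
interface TenGigabitEthernet1/1/2
 cts manual
  sap pmk 1234abcdef mode-list gcm-encrypt null no-encap
  no propagate sgt
interface TenGigabitEthernet1/1/3
 cts manual
  sap pmk PLACEHOLDERKEY mode-list gcm-encrypt
"""

def audit_sap_modes(config_text):
    """Return one finding per 'sap pmk' line, listing negotiable modes
    that would leave the link unencrypted."""
    findings, interface = [], None
    for raw in config_text.splitlines():
        line = raw.rstrip()
        m = IF_RE.match(line)
        if m:
            interface = m.group("name").strip()
            continue
        m = SAP_RE.match(line)
        if not m:
            continue
        modes = (m.group("modes") or "").lower().split()
        unknown = [x for x in modes if x not in SAP_MODES]
        cleartext = [x for x in modes if x in SAP_MODES and x not in ENCRYPTING]
        findings.append({
            "interface": interface,
            "modes": modes,
            "cleartext_modes": cleartext,
            "unknown_modes": unknown,
            # No mode-list present: platform default is not assumed here.
            "encrypt_only": bool(modes) and not cleartext and not unknown,
        })
    return findings
```
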
