[c-nsp] Transparent WAN Encryption
Ian Henderson
ianh at ianh.net.au
Sun Feb 2 23:23:06 EST 2014
On 3 Feb 2014, at 8:10 am, Antonio Soares <amsoares at netcabo.pt> wrote:
> I'm looking for the simplest way to do it. Most customers have L2
> connections between Data Centers. The edge device controlled by the customer
> is a Layer 2 Switch. The mechanisms like IPSec, GETVPN, FlexVPN, and so on,
> need a router in the edge. This implies modification of the customer's
> topologies. L2 encryption seems the perfect solution and it seems there are
> several options on the market.
What about MACsec? Works between 3560X/4500/4500X/Sup2T/etc for wire rate L2 encryption.
http://www.cisco.com/en/US/docs/switches/lan/catalyst4500/15.1/XE_330SG/configuration/guide/swmacsec.html#wp1334072 says:
This example shows how to configure Cisco TrustSec authentication in manual mode on an interface:
Switch# configure terminal
Switch(config)# interface tengiigabitethernet 1/1/2
Switch(config-if)# cts manual
Switch(config-if-cts-manual)# sap pmk 1234abcdef mode-list gcm-encrypt null no-encap
Switch(config-if-cts-manual)# no propagate sgt
Switch(config-if-cts-manual)# exit
Switch(config-if)# end
(It's a copy and paste, even the typos ;)).
Rgds,
- I.
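
Added example, not part of the original post or of Cisco's documentation: the mode-list in the quoted command offers null and no-encap alongside gcm-encrypt, and of the SAP modes only gcm-encrypt encrypts, so a link configured this way can negotiate down to no encryption. The sketch below audits `sap pmk` lines for that fallback; the sample config, the function name `audit_sap` and the 32-character PMK policy are assumptions.

```python
import re

ENCRYPTING = {"gcm-encrypt"}   # the only SAP mode that encrypts traffic
MIN_PMK_HEX = 32               # assumed local policy, not taken from the post

# Constructed sample in running-config layout; the first stanza mirrors the post.
SAMPLE = """\
interface TenGigabitEthernet1/1/2
 cts manual
  sap pmk 1234abcdef mode-list gcm-encrypt null no-encap
  no propagate sgt
!
interface TenGigabitEthernet1/1/3
 cts manual
  sap pmk 00112233445566778899aabbccddeeff mode-list gcm-encrypt
!
interface TenGigabitEthernet1/1/4
 switchport mode trunk
!
"""

def audit_sap(config):
    """Map each interface that has a 'sap pmk' line to a list of findings."""
    results, iface = {}, None
    for line in config.splitlines():
        m = re.match(r"interface\s+(\S+)", line)
        if m:
            iface = m.group(1)
            continue
        m = re.match(r"\s*sap pmk (\S+)(?:\s+mode-list\s+(.+))?\s*$", line)
        if not m or iface is None:
            continue
        pmk, modes = m.group(1), (m.group(2) or "").split()
        notes = []
        if not modes:
            notes.append("no explicit mode-list; negotiated mode depends on platform default")
        weak = [x for x in modes if x not in ENCRYPTING]
        if weak:
            notes.append("mode-list allows unencrypted fallback: " + ", ".join(weak))
        if not re.fullmatch(r"[0-9a-fA-F]+", pmk) or len(pmk) < MIN_PMK_HEX:
            notes.append("PMK is %d chars; policy wants %d hex chars" % (len(pmk), MIN_PMK_HEX))
        results[iface] = notes
    return results

if __name__ == "__main__":
    for name, notes in audit_sap(SAMPLE).items():
        print(name, "OK" if not notes else "; ".join(notes))
```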