[c-nsp] MACSec Stages

Alex K. nsp.lists at gmail.com
Tue May 1 03:10:33 EDT 2018


This will be great.

Especially documenting real-world scenarios - IS-IS over MACSec, MPLS and
IP. Putting PCAPs is also a very good idea.

I'm speaking for myself, but I think many here will agree - such
documentation will really address the current state of affairs.

Thank you.

Alex.

On Tue, 24 Apr 2018, 10:01, Graham Bartlett (grbartle) <grbartle at cisco.com> wrote:

> Hi Antoine
>
> The details are;
>
> IKEv2 IPsec Virtual Private Networks: Understanding and Deploying IKEv2,
> IPsec VPNs, and FlexVPN in Cisco IOS
>
>
> http://www.ciscopress.com/store/ikev2-ipsec-virtual-private-networks-understanding-9781587144608
>
> Amjad, Alex and myself didn’t write this in our work day. It’s pretty much
> all written in personal time. I’m guesstimating I spent between 800 and 1000
> hours developing this, as you might imagine this didn’t have the same sales
> as Harry Potter, so we won’t be taking early retirement in the near future.
> Hence the reasons for the Qs on a MACsec book.
>
> With regards to MACsec, if there was some material on the handshake, maybe
> with decrypted PCAPs to illustrate what is going on under the hood and the
> relevant commands, would this be of interest? Once again this isn’t my
> day-job so I don’t want to promise anything, but have an idea what would
> help folk understand.
>
> cheers
>
> From: Antoine Monnier <mrantoinemonnier at gmail.com>
> Date: Monday, 23 April 2018 at 07:31
> To: grbartle Graham <grbartle at cisco.com>
> Cc: Nick Cutting <ncutting at edgetg.com>, "Alex K." <nsp.lists at gmail.com>,
> Alan Buxey <alan.buxey at gmail.com>, cisco-nsp <cisco-nsp at puck.nether.net>
> Subject: Re: [c-nsp] MACSec Stages
>
> Hi Graham,
>
> Kind of OT, but what is the title of your book on IPsec VPN?
>
> thanks
>
> On Fri, Apr 20, 2018 at 7:55 AM, Graham Bartlett (grbartle) <
> grbartle at cisco.com> wrote:
> Hi
>
> A few of us in Cisco were thinking of writing a CiscoPress book on MACsec,
> which would include details of the inner workings, including protocol flows
> and how the various key material is derived etc.
>
> If this was available would there be interest in this?
>
> The reason I ask is, I spent a lot of time and effort developing a book on
> IPsec VPNs and it’s got a very narrow audience. I would imagine that
> there’s even less interest in MACsec. But if we could produce something
> that meets your needs and there is interest we could reconsider.
>
> cheers
>
> On 17/04/2018, 14:18, "cisco-nsp on behalf of Nick Cutting" <
> cisco-nsp-bounces at puck.nether.net on behalf of ncutting at edgetg.com> wrote:
>
>     I agree - I spent weeks with TAC cases open etc. and Cisco has no idea
>     how this works either.
>
>     I gave up and built an L3 routed VPN.
>
>     I am waiting for the How-to article by Jeremy Stretch!
>     -----Original Message-----
>     From: cisco-nsp <cisco-nsp-bounces at puck.nether.net> On Behalf Of Alex K.
>     Sent: Tuesday, April 17, 2018 4:13 AM
>     To: Alan Buxey <alan.buxey at gmail.com>
>     Cc: cisco-nsp <cisco-nsp at puck.nether.net>
>     Subject: Re: [c-nsp] MACSec Stages
>
>     Hello Alan and thank you for answering.
>
>     That's the point - all one can find by searching the standard ID is a
>     bunch of unrelated documents, some from IEEE, some from independent sources
>     - none display any coherent picture whatsoever.
>
>     Not to mention none provide any overview of the protocol. Just some
>     unconnected points.
>
>     Such lack of documentation by all major vendors (a white paper
>     stating MACSEC is an encryption protocol doesn't count as documentation)
>     hits the hardest when it comes to troubleshooting. No explanation for
>     debugs, no known steps for endpoints to pass through, you're pretty much on
>     your own trying to figure out what's going on.
>
>     Alex.
>
>     On Tue, 10 Apr 2018, 16:06, Alan Buxey <alan.buxey at gmail.com> wrote:
>
>     > 802.1AE
>     >
>     > Look that up for how it works
>     >
>     > alan
>     >
>     > On Wed, 4 Apr 2018, 00:32 Alex K., <nsp.lists at gmail.com> wrote:
>     >
>     >> Hello everyone,
>     >>
>     >> After a few implementations of MACSec, I began wondering: is there
>     >> complete documentation of that technology out there?
>     >>
>     >> For example, I have quite a bit of experience with L2TP. Now, SCCRP may
>     >> sound like bad language to some, but as we all know, it's an
>     >> important step in tunnel setup. The internet is literally brimming
>     >> with information about L2TP. As for MACSec, maybe it's only me - but
>     >> I'm having a hard time finding information on MACSec internal
>     >> workings (beyond packet formats), especially when it comes to
>     >> protocol stages and related Cisco debugs.
>     >>
>     >> All I was able to find thus far are some really general sketches of
>     >> MACSec exchanges and seemingly unrelated debug commands.
>     >>
>     >> Am I missing something? Any help, such as linking to proper
>     >> documentation, successful and unsuccessful debug outputs and such, on
>     >> and off-list, will be gladly appreciated.
>     >>
>     >>
>     >> Thank you,
>     >> Alex.
>     >> _______________________________________________
>     >> cisco-nsp mailing list  cisco-nsp at puck.nether.net
>     >> https://puck.nether.net/mailman/listinfo/cisco-nsp
>     >> archive at http://puck.nether.net/pipermail/cisco-nsp/
>     >>
>     >

