Do Switches Support IPSEC?

Answered Question
Apr 21st, 2009
User Badges:

Does any Cisco Catalyst LAN switch support IPSec and IKE?


I have a 3550...I think Im out of luck. I don't see either feature in the navigator...


Thanks

Correct Answer by Marvin Rhoads about 7 years 11 months ago

I believe you need to step all the way up to the 6500 series to get IPSec/IKE.


See the IPSec portfolio data sheet at http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6586/ps6635/ps7180/prod_brochure09186a00801f0a72_ns142_Networking_Solutions_Brochure.html


For the 6500, see the configuration note at http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a00800cdfc9.shtml


If you'd like to share why you ask, there may be other solution sets more attractive than using a 6500 series switch.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Correct Answer
Marvin Rhoads Tue, 04/21/2009 - 19:03
User Badges:
  • Super Bronze, 10000 points or more
  • Cisco Designated VIP,

    2017 Firewalling, Network Management, VPN

I believe you need to step all the way up to the 6500 series to get IPSec/IKE.


See the IPSec portfolio data sheet at http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6586/ps6635/ps7180/prod_brochure09186a00801f0a72_ns142_Networking_Solutions_Brochure.html


For the 6500, see the configuration note at http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a00800cdfc9.shtml


If you'd like to share why you ask, there may be other solution sets more attractive than using a 6500 series switch.

ex-engineer Wed, 04/22/2009 - 08:34
User Badges:

Hi there:


Thanks for the response.


Yes, I believe you're right. IPSec and IKE seem to be strictly found on routers, not switches, except for the 6500 series.


I just wanted to ask because I am in a lab and wanted to do some testing.


Thanks

h17m4n18727 Tue, 06/19/2012 - 00:08
User Badges:

Hi,


Can I open this up again? I have two 3560 Switches. And the carrier in between ony allows 50 MAC Addresses on their link. I got them to up this 100, but I am not sure if this will be enough. If I can create a tunnel in between then the carrier should only see the two peer IP Addresses.


We do not have budget for 6500s and the networks have to be in the same broadcast domain. I currently have VLANs trunked accross the link extending the onsite LANs to the other site.


Thanks

Actions

This Discussion