Is there any way to encrypt data travelling on WAN link without establishing VPN between sites ? if yes please let me know what hardware can do this task
I m asking this question because >
We have an existing HQ with 20-existing branches connected to HQ through VPN links over internet cloud. and we are planning to discard 3 of the existing branches internet link and provide them DATA-Link through micro-wave, so while they are connected through micro-wave data-link the actual data which is transmitted between those 3-branches to HQ will not be encrypted because we are not going to establish vpn between HQ and those 3-brs. so here we want to have some sort of Router to encrypt the data at Hardware Level without needing to have vpn link established.
Yes 802.1ae works with just the switches nothing else is required.
There is no AAA of persons involved its just device port to device port from port x on switch one to port y on switch two.
(actually you can use 802.1ae to also encrypt links between a computer and the switch but this is not the case in this scenario then weg are talking about Trustsec)
Trustsec is a big framework not just 802.1ae and macsec is a part of that framework. So in this scenario they are basically interchangeable.
Here are some scenarios
You have leased 2 racks in a hosting company, but they are some racks inbetween them and you would like to have a secure communications line inbetween your two racks.
You can then run 802.1ae inbetween them and all the traffic on that link will be encrypted.
Another scenario would be
You are in a building and you have access to several floors but inbetween these floors there are other tenants and you want to secure your communication links so that they can not listen in on them.
And ofcourse your own scenario
you have two different buildings and you want to connect them and have an encrypted link between the buildings.
There is one big thing with 802.1ae and that is there can only be layer 1 devices inbetween the switches.
ie you can not use anything that needs to go above that layer. that will break the 802.1ae encryption scheme.
and ofcourse links.
Thanks for the ratings.
Hope This Helps
It is AES 128 bit.
AES is a newer encryption standard than the 3DES and afaik it has basically replaced the 3DES as the standard encryption method used for new sites today.
No the 3550 does not support it.
You will need to go to fx 3560x 3750x and so on.
Hope This Helps
Since VPN is a concept not a product the answer to your question is always Yes and no but it depends.
VPN = Virtual Private Network
It is a concept that through encryption you will have your "own" network on a link where others might also reside.
Ie just the thing you are asking for.
First of all you can still have the same type of VPN over the microwave-links as you would over the Internet.
no difference except that instead of going over an ISP you doing it over a Microwave link.
Will the links be L1, if so then you can use switches with 802.1ae Macsec.
There are a bunch of different boxes that encrypts everything that comes in in one end and sends it to another box on the other end and decrypts it there and vice verse. However those boxes tend to be quite expensive.