Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

3560X with Service Module - MACSec over an Etherchannel?

Hi all,

Is anyone aware of any restriction's to using MACSec on the uplinks of a service module whilst the uplink ports are in an etherchannel?

Essentially we will have 2x 3560x's connected by 2x fibre's. The plan is to encrypt over these fibre's but to etherchannel them for resilience/convergence purposes. Is this likely to work? Has anyone done this before?

 

Many thanks

SteveH

Everyone's tags (3)
9 REPLIES
New Member

Just to close this out, This

Just to close this out, This is possible but you must use the Service Module and not the Network Module for the uplinks.

New Member

Hi thanks for your posting,

Hi thanks for your posting, have nearly the same situation here...

Where did you get the positive answer, could you find a documentation for MACsec together with Etherchannel?

 

I have on one side a 3560X with SM module and on the other side 68k with 69xx line card...

New Member

Just based on the data sheet

Just based on the data sheet and the configuration guide.

http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3750x_3560x/software/release/15-0_1_se/configuration/guide/3750xcg/swmacsec.html

I haven't yet got my hands on the kit, still waiting for it to arrive but based on the configuration guide switch-to-switch is supported.

You must be running higher than LAN Base though.

"Note MACsec is not supported on switches running the NPE or the LAN base image."

I will be configuring this in the next week or so and will post back here with a working configuration (hopefully!)

SteveH

New Member

Hi Steve

Hi Steve

Did you make it work?  I am having issue with MacSec switch to Switch manual configuration ( two 4500 with the right IOS ) with port Channel please can you help ?

can I get the running config and advices what I have to more take care 

New Member

Indeed we did, and it works

Indeed we did, and it works rather well. 

See: http://www.petenetlive.com/KB/Article/0001000.htm for an example configuration.

I haven't tested this on a 4500 (which model? 4500X i presume?), however the commands should be very similar. If you can give a bit more detail on where your problem is and the configuration your trying to apply i could take a look.

New Member

Hi Steven

Hi Steven

I am very happy to read you, my problem start on the configuration of 4500X out of the box:

-initial configuration

-MACsec configuration on Port-channel ( 4500X refuse some command )

-Also can we simulate MACsec using VIRL?

Thanks

New Member

Also see;https:/

Also see;

https://supportforums.cisco.com/discussion/11540361/how-configure-encryption-macsec-switch-switch-without-acs-server

New Member

I can now confirm this works

I can now confirm this works with manual mode; see my colleagues' blog post with a simple configuration example;

http://www.petenetlive.com/KB/Article/0001000.htm

Thanks
SteveH

New Member

Just based on the data sheet

.

860
Views
4
Helpful
9
Replies