Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
757
Views
0
Helpful
1
Replies

Cisco Trustsec across QinQ provider network

cbeswick
Level 1
Level 1

‎06-26-2014 11:37 PM - edited ‎03-07-2019 07:50 PM

Hi,

We are thinking of using manual CTS encryption on either natively routed ports, or Vlans / SVIs  (Nexus 7ks) to form OSPF adjacencies, but need to understand if this will work across a providers QinQ network. It is my understanding that Trustsec encrypts the 802.1q VLAN tag so ultimately the WAN Provider will receive an untagged packet. So in both cases whether we use a natively routed port, or a Vlan with SVIs, the frames will be untagged.

So I suppose what I am asking is: Can a QinQ WAN provider accept untagged frames, or do frames have to ingress into the providers network with an underlying Vlan Tag in place?

 

Thanks in advance.

 

Chris.

1 person had this problem
Labels:
0 Helpful
1 Reply 1

kerstin-534
Level 1
Level 1

‎06-30-2014 01:29 AM

Hi Chris,

from my tests MacSEC (manual CTS) does not work across QinQ because gcm-encrypt does authenticate via 802.1x (EAPOL frames). And EAPOL ist not tunneled. EAPOL is grabbed by the QinQ interface.

br Fritz

 

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card