Cisco Support Community
Trustsec question

Hello community,

I was wondering if someone can shed any light on this...

We have two buildings which we intend to connect via two different providers (probably Metro Ethernet links). The two buildings will be on the same VTP domain (VLAN extension from one building to the other - the providers will implement .1Q tunnelling). The links will be bundled, using EtherChannel on 4507 switches - one at each location.

In order to encrypt traffic, we were thinking of implementing TrustSec between the two switches. As I understand it, TrustSec can only be configured on physical interfaces. As stated above, we want to use EtherChannel. Is that a problem?

Since the providers' switches are in the physical path between the two sites, do those too fall into the equation? Do they have to be MACsec-capable, or since the traffic will already be encapsulated (.1Q tunneling) do they not care?

Any ideas will be really helpful!

Thank you in advance,

Katerina

1 REPLY
MACsec operates on a hop-by-hop basis; therefore, in order to implement MACsec, all the equipment in the path must be managed by us.

So, since we will be going through the providers' Metro Ethernet, MACsec seems to be out of the question.

VPLS must be the answer!
