Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

MACSec possible with IEEE 802.1Q Tunneling ?

Use Case:

To use MACSec between 2 Catalyst 3560-X on both sides with a provider network between that is configured for

IEEE 802.1Q Tunneling ?

Since MACSec uses 0x88e5 Frames and the Cisco SAP protocol uses 802.1x for negotiation, can that be

working ?

(I haven't success)

As there anybody who can confirm it can work and it how is done, please tell me.

best regards,

Herbert

Everyone's tags (5)
3 REPLIES
Community Member

MACSec possible with IEEE 802.1Q Tunneling ?

Yes, you need a device that can tunnel 802.1x via L2PT.

L2PT is not needed in EoMPLS as all control packets pass untouched, this is why EoMPLS works.

Community Member

MACSec possible with IEEE 802.1Q Tunneling ?

Hello Eduardo,

reading the config guide of the Nexus 7k

http://www.cisco.com/en/US/docs/switches/datacenter/sw/5_x/nx-os/interfaces/configuration/guide/if_qinq_tunnel.html#wp1091505

this sounds like the Nexus 7k would tunnel the 802.1x frames as soon as I switch on

interface ethernet xxx

switchport mode dot1q-tunnel

l2protocol-tunnel

Is that true? Or does any other Cisco Device  tunnel 802.1x via L2PT? For example the metro switches?

Thank you!

   Thorsten

Community Member

MACSec possible with IEEE 802.1Q Tunneling ?

That Nexus is only capable of tunneling CDS, STP and VTP.

EoMPLS tunnels all (e.g. 802.1x) without modification to the destination mac-address.

2683
Views
0
Helpful
3
Replies
CreatePlease to create content