MACsec?

  • 2
  • Idea
  • Updated 1 year ago
  • Implemented

Hello,

are there any plans to implement  IEEE 802.1AE on Enterasys / Extreme switches and APs in future?
I think especially for inter switch links it would be a great security benefit.

Kind regards
Christoph

Photo of Christoph

Christoph

  • 1,862 Points 1k badge 2x thumb

Posted 5 years ago

  • 2
Photo of Mike D

Mike D, Alum

  • 3,852 Points 3k badge 2x thumb
Official Response
Hello Martin,


nothing by way of operational network experience to offer but I'll kick in some trivia to give the thread a fresh timestamp.  I expect this will be a popular topic before long.  As new features go, this one is pretty cool.

* hardware required:  7100-Series or S-Series s180-class 
* MACsec implementation is standards based -  8.02.1ae-2006 and 802.1x-1020
* limited testing verifies interop with Juniper MACsec
* MACsec licenses are applied per module.  
          eval license available here:   
          https://extranet.extremenetworks.com/mysupport/licensing/Pages/default.aspx
          extranet account required - immediate request/license turnaround
* MACsec can be supported on every port in an S-Series chassis.
* current implementation is switch to switch.
* easily implemented - the example minimum config below can be mirrored on both sides
1) set macsec port mka enable tg.1.1
2) set macsec pre-shared-key port tg.1.1 ckn foo
cak passphrase bar

MACsec is supported on 1Gb/s and 10Gb/s ports and will run on fiber, copper, DAC etc.  
* 40Gb/s when run in 10G/s mode only.  No virtual port support, physical ports only

Regards,
Mike


(Edited)