09-28-2020 07:11 PM
We have a point-to-point connection running between two x460 switches running 16.2.5.4-patch1-12. We are going through a FISMA readiness audit and are being told that we need to encrypt that P2P connection between those devices. Is that possible natively, or do we need to purchase different equipment and/or a newer version of XOS, or do we need a 3rd party solution to make that happen?
09-29-2020 08:38 AM
AFAIK, you can only use MACsec in this constellation if the MPLS provider supports and configures MACsec on the MPLS router and all devices that are used inside the MPLS network.
09-28-2020 08:40 PM
Stephen,
The P2P link between the x460 is ok for me but the MPLS link is not a P2P link.
For this kind of topology I recommend requesting the assistance of Extreme Professional Services.
I don’t know if you can encrypt the traffic between the nodes and still exchange the needed information with your ISP switches for the MPLS forwarding.
I’m not an expert on this matter. Not yet.
Mig
09-28-2020 08:33 PM
Simplified topology map is below.
09-28-2020 08:07 PM
Stephen,
Drawing a topology map would help to understand.
To be checked is the number of max MACsec interfaces you can have on your specific switches.
From my understanding one CAK per P2P link is needed.
Mig