cancel
Showing results for 
Search instead for 
Did you mean: 

MACsec?

MACsec?

Christoph
Contributor
Hello,

are there any plans to implement IEEE 802.1AE on Enterasys / Extreme switches and APs in future?
I think especially for inter switch links it would be a great security benefit.

Kind regards
Christoph

10 REPLIES 10

MartinS1
New Contributor
Hi there,

according to a GTAC Service Request I initiated there is no support for 1G SFPs on 10G-Ports running MACSec on a S180 SSA (SSA-G8018-0652).

Nevertheless we successfully configured MACSec on two SSA-180 between the ports tg.1.2 with a 1G SFP!!!! 😄
Now with the latest firmware 8.42.

Regards,
Martin

Mike_D
Extreme Employee
Hello Martin,

nothing by way of operational network experience to offer but I'll kick in some trivia to give the thread a fresh timestamp. I expect this will be a popular topic before long. As new features go, this one is pretty cool.

* hardware required: 7100-Series or S-Series s180-class
* MACsec implementation is standards based - 8.02.1ae-2006 and 802.1x-1020
* limited testing verifies interop with Juniper MACsec
* MACsec licenses are applied per module.
eval license available here:
https://extranet.extremenetworks.com/mysupport/licensing/Pages/default.aspx
extranet account required - immediate request/license turnaround
* MACsec can be supported on every port in an S-Series chassis.
* current implementation is switch to switch.
* easily implemented - the example minimum config below can be mirrored on both sides
1) set macsec port mka enable tg.1.1
2) set macsec pre-shared-key port tg.1.1 ckn foo cak passphrase bar

*
MACsec is supported on 1Gb/s and 10Gb/s ports and will run on fiber, copper, DAC etc.
* 40Gb/s when run in 10G/s mode only. No virtual port support, physical ports only

Regards,
Mike


Eisi1
New Contributor III
Hi Michael,

I want to test MACSec with a eval license, but when I follow the link you provided there is no option for MACSec eval license. How can I get one?

Regards,

Uwe

Hi Stephane,

we first set up the 10G MACSec with the commands from above.
after this we:
- disabled Port (in our case tg.1.2 on both SSAs)
- replaced 10G-SFP+ with 1G-SFP
- enabled Ports tg.1.2

Port ist administratively "up" but remains operational "down" 😞

After this we:
- disabled MACSec on Ports tg.1.2
-> Ports got operationally "up"
- enabled MACSec
-> Ports got operationally "down"

That's all!

Did we anything wrong?... or at least something right!?

Regards,
Martin
GTM-P2G8KFN