MACSec information

Hi,

I see on the datasheet for the AP135 "MACSec authentication and encryption on Ethernet ports enable secure AP deployment by interoperating with the MACSec capability on Aruba Mobility Access Switches and other wiring closet equipment."

However I've searched all the documentation for "macsec" and there is no mention of it. Is this feature configurable or is it just plug and play with the AP135 and Aruba switch? What about other switch vendors that support macsec and how do I configure it?

Thanks


If my post is helpful please give kudos, or mark as solved if it answers your post.

ACCP, ACMP, ACMX #294
mclarke@arubanetworks.com

Re: MACSec information

Our switches have hardware support for MACSec but it isn't supported in our software...yet.

Seth R. Fiermonti
Consulting Systems Engineer - ACCX, ACDX, ACMX
Email: seth@hpe.com
-----
If you found my post helpful, please give kudos
Aruba

Re: MACSec information

Just to add to Seth's comments, the APs also just have hardware support for MACSec today. I've reached out to the PLM team to clarify the datasheet.

If you'd like to see the software support implemented, I recommend submitting a request into the idea portal:

https://arubanetworkskb.secure.force.com/cp/ideas/ideaList.apexp

Best regards,

Madani

Re: MACSec information


madjali wrote:

Just to add to Seth's comments, the APs also just have hardware support for MACSec today. I've reached out to the PLM team to clarify the datasheet.

If you'd like to see the software support implemented, I recommend submitting a request into the idea portal:

https://arubanetworkskb.secure.force.com/cp/ideas/ideaList.apexp

Best regards,

Madani


Do you mean by 'hardware support' that just plug the AP135 into a MAS and MACSec is enabled between the two?

What about using other switch vendors that support MACSec, as the data sheet suggests?


If my post is helpful please give kudos, or mark as solved if it answers your post.

ACCP, ACMP, ACMX #294
mclarke@arubanetworks.com
Guru Elite

Re: MACSec information

Hardware support as in the chipset supports it, but it needs to be added to the code in order to function.


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480

Re: MACSec information

It will not be plug and play. Some config work will have to happen to enable MACSec on the port. For example, on Cisco, the config looks like this:

Switch(config)# interface GigabitEthernet1/0/25
Switch(config-if)# switchport access vlan 10
Switch(config-if)# switchport mode access
Switch(config-if)# macsec
Switch(config-if)# authentication event linksec fail action authorize vlan 2
Switch(config-if)# authentication host-mode multi-domain
Switch(config-if)# authentication linksec policy must-secure
Switch(config-if)# authentication port-control auto
Switch(config-if)# authentication violation protect
Switch(config-if)# mka policy replay-policy
Switch(config-if)# dot1x pae authenticator
Switch(config-if)# spanning-tree portfast
Switch(config-if)# end

Seth R. Fiermonti
Consulting Systems Engineer - ACCX, ACDX, ACMX
Email: seth@hpe.com
-----
If you found my post helpful, please give kudos
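
An added example, not part of the thread and not Cisco or Aruba code: a small Python check that reads IOS-style interface stanzas and reports ports that lack the MACsec and 802.1X commands shown in the post above, or that do not set the linksec policy to must-secure. The function names, the finding strings and the second port in the sample are assumptions made for illustration.

```python
import re

# Constructed input: the post's port as saved config, plus a made-up weaker port (Gi1/0/26).
SAMPLE = """\
interface GigabitEthernet1/0/25
 switchport access vlan 10
 switchport mode access
 macsec
 authentication event linksec fail action authorize vlan 2
 authentication host-mode multi-domain
 authentication linksec policy must-secure
 authentication port-control auto
 authentication violation protect
 mka policy replay-policy
 dot1x pae authenticator
 spanning-tree portfast
!
interface GigabitEthernet1/0/26
 macsec
 authentication linksec policy should-secure
 authentication port-control auto
"""

REQUIRED = ["macsec", "authentication port-control auto", "dot1x pae authenticator", "mka"]

def parse_interfaces(text):
    ports, current = {}, None
    for line in text.splitlines():
        m = re.match(r"interface\s+(\S+)", line)
        if m:
            current = ports.setdefault(m.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())  # indented line belongs to the open stanza
        else:
            current = None  # "!" or any global line ends the stanza
    return ports

def audit_port(cmds):
    findings = [f"missing: {r}" for r in REQUIRED if not any(c == r or c.startswith(r + " ") for c in cmds)]
    policy = [c.split()[-1] for c in cmds if c.startswith("authentication linksec policy ")]
    if policy != ["must-secure"]:
        findings.append(f"linksec policy: {policy[0] if policy else 'unset'}")
    m = re.search(r"linksec fail action authorize vlan (\d+)", "\n".join(cmds))
    if m:  # flagged for review: a link-security failure still authorizes the port in this VLAN
        findings.append(f"linksec failure authorizes VLAN {m.group(1)}")
    return findings

def audit(text):
    return {name: audit_port(cmds) for name, cmds in parse_interfaces(text).items()}
```

Calling `audit(SAMPLE)` returns one list of findings per interface; the VLAN finding on the post's own port is informational, pointing a reviewer at what that VLAN can reach when link security fails.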
Aruba

Re: MACSec information

And Tim is correct, the chipset on the AP supports MACSec but AOS does not support it yet from a software perspective.

Re: MACSec information

ok, thanks for that.

Bit naughty and misleading though given it's mentioned in the datasheet with the implication being that it works!!!

Any idea on the timeline for this feature?


If my post is helpful please give kudos, or mark as solved if it answers your post.

ACCP, ACMP, ACMX #294
mclarke@arubanetworks.com
Aruba

Re: MACSec information

I apologize for the confusion. Our AP PLM is getting the datasheets adjusted to reflect future support for MACSec from a software perspective.

I would recommend reaching out to your Partner SE or Aruba SE for details about the roadmap.

Best regards,

Madani

New Contributor

Re: MACSec information

Hi Madani et al,

I am new to Aruba's products, so am only now looking at these products (and their data sheets) for the first time.
Am I correct in assuming that, because the datasheets do not explicitly state this functionality is still pending software implementation, at some point since this question was asked (c. 16 months ago) MACsec has been fully implemented?
If so, could someone point me to documentation re how MACsec can be configured on these access points?
Kind regards,
Alan