Wired Intelligent Edge

 View Only
last person joined: 2 days ago 

Bring performance and reliability to your network with the HPE Aruba Networking Core, Aggregation, and Access layer switches. Discuss the latest features and functionality of your switching devices, and find ways to improve security across your network to bring together a mobile-first solution
Expand all | Collapse all

AOS-CX 10.13 Update: MACsec & "Part of CX Advanced Feature Pack"

This thread has been viewed 66 times
  • 1.  AOS-CX 10.13 Update: MACsec & "Part of CX Advanced Feature Pack"

    Posted Dec 21, 2023 09:15 AM
      |   view attached

    Can someone please elaborate on the need for that license,

    hence the fact that the cli commands is sticking. (without)

    The only reference in the manual  is this:

    Yes, stating Honor, is that it ??

    But maby not for long:

    Please note that HPE Aruba Networking will remove support for Honor mode in a
    future release and advanced features will only be operational if the applicable
    subscription fees are paid and a valid feature pack is installed.

    (included extended manual)



    ------------------------------
    Steinar
    ------------------------------

    Attachment(s)



  • 2.  RE: AOS-CX 10.13 Update: MACsec & "Part of CX Advanced Feature Pack"

    EMPLOYEE
    Posted Jan 05, 2024 03:30 AM

    You will find more detailed information and explanation about feature pack here:

    https://www.youtube.com/watch?v=0VWJEaWtBUA&list=PLsYGHuNuBZcbdzpcdZiqrEeoeOYljy5J6

    WAN MACsec comes in CX Advanced Feature pack.




  • 3.  RE: AOS-CX 10.13 Update: MACsec & "Part of CX Advanced Feature Pack"

    Posted Jan 11, 2024 05:57 AM

    No, nothing there to the issue...



    ------------------------------
    Steinar
    ------------------------------



  • 4.  RE: AOS-CX 10.13 Update: MACsec & "Part of CX Advanced Feature Pack"

    Posted Jan 16, 2024 03:01 AM

    CLIs will be available, but functionality will not be working in "Strict" mode of feature-pack. 



    ------------------------------
    Shobana
    Aruba
    ------------------------------



  • 5.  RE: AOS-CX 10.13 Update: MACsec & "Part of CX Advanced Feature Pack"

    Posted Jan 16, 2024 04:35 AM

    Yes, thanks; you are right:

    # show feature-pack

    Feature Pack Summary

    ====================

    Name             : --

    Expiration Date  : --

    Serial Number(s) : --

    MAC Address      : --

    Hostname         : --

    Type             : --

    Mode             : File Based

    State            : No feature pack installed

    Error Reason     : none

                                                    Subscription  Feature

    Feature                                                            Status        Status

    ---------------------------------------------------------------------------------------

    MACsec extensions for WAN                       inactive      blocked

    But this do not explain then why it is not working in a none/without "MACsec extensions for WAN" as back to Lan MACsec in 10.10.0002



    ------------------------------
    Steinar
    ------------------------------



  • 6.  RE: AOS-CX 10.13 Update: MACsec & "Part of CX Advanced Feature Pack"

    Posted Jan 16, 2024 04:41 AM

    please elaborate on "strict" mode, can only find:

    config)# feature-pack mode


      cloud-managed   Obtain subscription information from a cloud-based server
      file-based              Obtain subscription information from a local file (default)
      honor                     A valid subscription exists, but cannot be installed



    ------------------------------
    Steinar
    ------------------------------



  • 7.  RE: AOS-CX 10.13 Update: MACsec & "Part of CX Advanced Feature Pack"

    Posted Jan 16, 2024 05:36 AM

    you don't see strict written rather you will see it as inactive and blocked + state as " no feature pack installed"



    ------------------------------
    Shobana
    Aruba
    ------------------------------



  • 8.  RE: AOS-CX 10.13 Update: MACsec & "Part of CX Advanced Feature Pack"

    Posted Jan 17, 2024 05:46 AM
      |   view attached

    Please complete the following chart for the CX Advanced Feature Pack Requeriments:

    (with a clear and distinct yes/no/NA) Please

    Thanks



    ------------------------------
    Steinar
    ------------------------------

    Attachment(s)

    xlsx
    Arubamacsecwan.xlsx   17 KB 1 version


  • 9.  RE: AOS-CX 10.13 Update: MACsec & "Part of CX Advanced Feature Pack"

    Posted Jan 18, 2024 09:09 AM

    as to my understanding a have added the "not available", in 10.10.0002 column

    and added the AOS MacSec features available in other Aruba switches license free.



    ------------------------------
    Steinar
    ------------------------------



  • 10.  RE: AOS-CX 10.13 Update: MACsec & "Part of CX Advanced Feature Pack"

    Posted Jan 27, 2024 07:20 AM

    I have now successfully connect an AOS and AOS-CX switches and port with MacSec over

    an ISP MPLS network. (port 1/1/1). 

    With a 10, Gb Jumbo framed traffic flow. Also tested locally with direct fiber connection.(1/1/2)

    This assure a secure/encrypted, tamper free, confidential traffic connection.

    And fast: :)


    I have completed as far as my understanding the Feature pack requirement table based on this. (CX 10.10 not tested)

    And the running code and status for everybody to enjoy

    But I really hope Aruba finalize the document.



    ------------------------------
    Steinar
    ------------------------------



  • 11.  RE: AOS-CX 10.13 Update: MACsec & "Part of CX Advanced Feature Pack"

    Posted Feb 01, 2024 01:10 AM

    WAN MACsec part of Advanced feature pack is available from only 10.13 release onwards. Here are the features that comes under the feature pack

    MACsec policy :-

    bypass ieee-bpdu

    clear-tag-mode

    MKA policy :-

    eapol-destination-mac

    eapol-dot1q-tagged



    ------------------------------
    Shobana
    Aruba
    ------------------------------



  • 12.  RE: AOS-CX 10.13 Update: MACsec & "Part of CX Advanced Feature Pack"
    Best Answer

    Posted Feb 02, 2024 04:11 AM

    Perfect, by utilizing one or more of these four options; an Advanced feature pack is required.
    This complete the requirement charts:



    ------------------------------
    Steinar
    ------------------------------