Wired Intelligent Edge

 View Only
Expand all | Collapse all

AOS-CX 10.13 Update: MACsec & "Part of CX Advanced Feature Pack"

This thread has been viewed 66 times
  • 1.  AOS-CX 10.13 Update: MACsec & "Part of CX Advanced Feature Pack"

    Posted Dec 21, 2023 09:15 AM
    Edited by Steinar Grande Dec 21, 2023 09:42 AM
      |   view attached

    Can someone please elaborate on the need for that license,

    hence the fact that the cli commands is sticking. (without)

    The only reference in the manual  is this:

    Yes, stating Honor, is that it ??

    But maby not for long:

    Please note that HPE Aruba Networking will remove support for Honor mode in a
    future release and advanced features will only be operational if the applicable
    subscription fees are paid and a valid feature pack is installed.

    (included extended manual)



    ------------------------------
    Steinar
    ------------------------------

    Attachment(s)



  • 2.  RE: AOS-CX 10.13 Update: MACsec & "Part of CX Advanced Feature Pack"

    Posted Jan 05, 2024 03:30 AM

    You will find more detailed information and explanation about feature pack here:

    https://www.youtube.com/watch?v=0VWJEaWtBUA&list=PLsYGHuNuBZcbdzpcdZiqrEeoeOYljy5J6

    WAN MACsec comes in CX Advanced Feature pack.




  • 3.  RE: AOS-CX 10.13 Update: MACsec & "Part of CX Advanced Feature Pack"

    Posted Jan 11, 2024 05:57 AM

    No, nothing there to the issue...



    ------------------------------
    Steinar
    ------------------------------



  • 4.  RE: AOS-CX 10.13 Update: MACsec & "Part of CX Advanced Feature Pack"

    Posted Jan 16, 2024 03:01 AM

    CLIs will be available, but functionality will not be working in "Strict" mode of feature-pack. 



    ------------------------------
    Shobana
    Aruba
    ------------------------------



  • 5.  RE: AOS-CX 10.13 Update: MACsec & "Part of CX Advanced Feature Pack"

    Posted Jan 16, 2024 04:35 AM
    Edited by Steinar Grande Jan 16, 2024 05:07 AM

    Yes, thanks; you are right:

    # show feature-pack

    Feature Pack Summary

    ====================

    Name             : --

    Expiration Date  : --

    Serial Number(s) : --

    MAC Address      : --

    Hostname         : --

    Type             : --

    Mode             : File Based

    State            : No feature pack installed

    Error Reason     : none

                                                    Subscription  Feature

    Feature                                                            Status        Status

    ---------------------------------------------------------------------------------------

    MACsec extensions for WAN                       inactive      blocked

    But this do not explain then why it is not working in a none/without "MACsec extensions for WAN" as back to Lan MACsec in 10.10.0002



    ------------------------------
    Steinar
    ------------------------------



  • 6.  RE: AOS-CX 10.13 Update: MACsec & "Part of CX Advanced Feature Pack"

    Posted Jan 16, 2024 04:41 AM
    Edited by Steinar Grande Jan 16, 2024 05:10 AM

    please elaborate on "strict" mode, can only find:

    config)# feature-pack mode


      cloud-managed   Obtain subscription information from a cloud-based server
      file-based              Obtain subscription information from a local file (default)
      honor                     A valid subscription exists, but cannot be installed



    ------------------------------
    Steinar
    ------------------------------



  • 7.  RE: AOS-CX 10.13 Update: MACsec & "Part of CX Advanced Feature Pack"

    Posted Jan 16, 2024 05:36 AM

    you don't see strict written rather you will see it as inactive and blocked + state as " no feature pack installed"



    ------------------------------
    Shobana
    Aruba
    ------------------------------



  • 8.  RE: AOS-CX 10.13 Update: MACsec & "Part of CX Advanced Feature Pack"

    Posted Jan 17, 2024 05:46 AM
    Edited by Steinar Grande Jan 17, 2024 06:13 AM
      |   view attached

    Please complete the following chart for the CX Advanced Feature Pack Requeriments:

    (with a clear and distinct yes/no/NA) Please

    Thanks



    ------------------------------
    Steinar
    ------------------------------

    Attachment(s)

    xlsx
    Arubamacsecwan.xlsx   17 KB 1 version


  • 9.  RE: AOS-CX 10.13 Update: MACsec & "Part of CX Advanced Feature Pack"

    Posted Jan 18, 2024 09:09 AM
    Edited by Steinar Grande Jan 18, 2024 09:30 AM

    as to my understanding a have added the "not available", in 10.10.0002 column

    and added the AOS MacSec features available in other Aruba switches license free.



    ------------------------------
    Steinar
    ------------------------------



  • 10.  RE: AOS-CX 10.13 Update: MACsec & "Part of CX Advanced Feature Pack"

    Posted Jan 27, 2024 07:20 AM
    Edited by Steinar Grande Feb 02, 2024 04:11 AM

    I have now successfully connect an AOS and AOS-CX switches and port with MacSec over

    an ISP MPLS network. (port 1/1/1). 

    With a 10, Gb Jumbo framed traffic flow. Also tested locally with direct fiber connection.(1/1/2)

    This assure a secure/encrypted, tamper free, confidential traffic connection.

    And fast: :)


    I have completed as far as my understanding the Feature pack requirement table based on this. (CX 10.10 not tested)

    And the running code and status for everybody to enjoy

    But I really hope Aruba finalize the document.



    ------------------------------
    Steinar
    ------------------------------



  • 11.  RE: AOS-CX 10.13 Update: MACsec & "Part of CX Advanced Feature Pack"

    Posted Feb 01, 2024 01:10 AM

    WAN MACsec part of Advanced feature pack is available from only 10.13 release onwards. Here are the features that comes under the feature pack

    MACsec policy :-

    bypass ieee-bpdu

    clear-tag-mode

    MKA policy :-

    eapol-destination-mac

    eapol-dot1q-tagged



    ------------------------------
    Shobana
    Aruba
    ------------------------------



  • 12.  RE: AOS-CX 10.13 Update: MACsec & "Part of CX Advanced Feature Pack"
    Best Answer

    Posted Feb 02, 2024 04:11 AM
    Edited by Steinar Grande Feb 02, 2024 04:15 AM

    Perfect, by utilizing one or more of these four options; an Advanced feature pack is required.
    This complete the requirement charts:



    ------------------------------
    Steinar
    ------------------------------