Security

This community is currently in a read-only state due to a maintenance window. For more info click here
Reply
Highlighted
Occasional Contributor II

MacSec Configuration

I have 3 switches. I am trying to set up a link from switch A to B and from switch C to B.

 

The link between switch A and B is a VlAN with a /30 ip. I have one port on A and one on B that are untagged on that VLAN and I have RIP and MacSec running. This link works perfect. 

I tried the same with the link between switch B and C, but on switch B, MacSec keeps blocking the port and I dont know why.

 

Switch A configs:

macsec policy policyx

Mode pre-shared-key ckn xxxxxxxx## cak ##xxxxxxxx

macsec apply policy policyx c20

aaa port-access mka server-priority 18 transmit-interval 4 c20

 

vlan 1

untagged c20

ip address x.x.x.1 /30

ip rip x.x.x.1

 

switch B configs

macsec policy policyx

mode pre-shared-key ckn xxxxxxxx## cak ##xxxxxxxx

macsec apply policy policyx c20

 

vlan 1

untagged c20

ip address x.x.x.2 /30

ip rip x.x.x.2

 

That setup between A and B is good. I have the same between B and C just different ip, vlan # macsec policy and ckn/ cak...

 

 

 

Highlighted
Contributor II

Re: MacSec Configuration

Did you ever resolve this?

 

We're having a similar issue - 2930m <L2 P2P link> 5406v3

 

Link works fine without macsec but the moment I try to enable macsec on it it goes down and doesn't come up again.

Highlighted
Contributor II

Re: MacSec Configuration

Minor update - it seems that in our case the problem lay in the ISP/Infrastrucuture provider network.

 

Also macsec was not entirely what we were looking for so the search continues....

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: