Hey everyone,
We have an L2 P2P link between 2 sites that we would like to be secured with encryption since it passes over infrastructure that is not in our control.
At the ends of the link we have a 2930M and a 5406v3-J9990A both running AOS-SW 16.10.0009.
I tried enabling MACSEC on the ports connecting the two switches as documented on these pages:
https://techhub.hpe.com/eginfolib/networking/docs/switches/K-KA-KB/15-18/5998-8150_access_security_guide/content/v32677644.html
https://community.arubanetworks.com/t5/Video/MacSec-on-ArubaOS-switches/ta-p/293675
But to no avail: the moment I enable the macsec policy, the port becomes "disabled by MACSEC" and this is all I get in the logs:
I 09/08/20 22:37:13 00435 ports: port X is Blocked by MACSEC
I found a topic about this in the security forum without any resolution:
https://community.arubanetworks.com/t5/Security/MacSec-Configuration/m-p/647475/highlight/false#M48969
And was hoping that the lack of resolution is just due to people spending more time here than there.
Setup of 5406 switch:
aaa port-access mka key-server-priority 18 S/Xy
aaa port-access mka transmit-interval 4 S/Xy
macsec policy "p2p-policy"
   mode pre-shared-key ckn "[hexstring]" encrypted-cak "[encryptedstring]"
   exit
macsec apply policy S/Xy
Setup of 2930m switch:
aaa port-access mka key-server-priority 14 X
aaa port-access mka transmit-interval 4 X
macsec policy "p2p-policy"
   mode pre-shared-key ckn "[hexstring]" encrypted-cak "[encryptedstring]"
   exit
macsec apply policy X