On 3 Feb 2014, at 8:10 am, Antonio Soares <amsoa...@netcabo.pt> wrote:
> I'm looking for the simplest way to do it. Most customers have L2 > connections between Data Centers. The edge device controlled by the customer > is a Layer 2 Switch. The mechanisms like IPSec, GETVPN, FlexVPN, an so on, > need a router in the edge. This implies modification of the customer's > topologies. L2 encryption seems the perfect solution and it seems there are > several options on the market. What about MacSec? Works between 3560X/4500/4500X/Sup2T/etc for wire rate L2 encryption. http://www.cisco.com/en/US/docs/switches/lan/catalyst4500/15.1/XE_330SG/configuration/guide/swmacsec.html#wp1334072 says: This example shows how to configure Cisco TrustSec authentication in manual mode on an interface: Switch# configure terminal Switch(config)# interface tengiigabitethernet 1/1/2 Switch(config-if)# cts manual Switch(config-if-cts-manual)# sap pmk 1234abcdef mode-list gcm-encrypt null no-encap Switch(config-if-cts-manual)# no propagate sgt Switch(config-if-cts-manual)# exit Switch(config-if)# end (Its a copy and paste, even the typos ;)). Rgds, - I. _______________________________________________ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/