Re: [c-nsp] MACSec Stages

2018-04-17 Thread Ian Mock 
Might this be what you're looking for?

https://communities.cisco.com/docs/DOC-69479



Ian Mock


On Tue, Apr 3, 2018 at 6:28 PM, Alex K.  wrote:

> Hello everyone,
>
> After a few implementations of MACSec, I began wondering is there a
> complete documentation of that technology out there?
>
> For example, I have quite an experience with L2TP. Now, SCCRP may sound
> like a bad language to some, but as we all know, it's an important step in
> tunnel setup. The internet is literally brimming with information about
> L2TP. As for MACSec, maybe it's only me - but I'm having a hard time
> finding information on MACSec internal workings (beyond packets formats)
> especially - when it comes to protocols stages and related cisco debugs.
>
> All I was able to find this far, are some really general sketches of MACSec
> exchanges and seemingly unrelated debug commands.
>
> Am I missing something? Any help, such as linking to proper documentation,
> successful and unsuccessful debug outputs and such, on and off-list, will
> be gladly appreciated.
>
>
> Thank you,
> Alex.
> ___
> cisco-nsp mailing list  cisco-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] MACSec Stages

2018-04-17 Thread Nick Cutting 
I agree - I spent weeks with TAC cases open etc. and Cisco has no idea how this 
works either.

I gave up and built a L3 routed VPN.

I am waiting for the How-to article by Jeremey Stretch!
-Original Message-
From: cisco-nsp  On Behalf Of Alex K.
Sent: Tuesday, April 17, 2018 4:13 AM
To: Alan Buxey 
Cc: cisco-nsp 
Subject: Re: [c-nsp] MACSec Stages

This message originates from outside of your organisation.

Hello Alan and thank you for answering.

That's the point - all one can find by searching the standard ID, is a bunch of 
unrelated documents, some from IEEE, some from independent sources
- none display any coherent picture whatsoever.

Not to mention none provide any overview of the protocol. Just some not 
connected points.

Such lack of the documentation by all major vendors (white paper stating MACSEC 
is an encryption protocol, doesn't count as a documentation) hit the hardest 
when it comes to troubleshooting. No explanation for debugs, no known steps for 
endpoints to pass through, you're pretty much on your own trying to figure out 
what's going on.

Alex.

בתאריך יום ג׳, 10 באפר' 2018, 16:06, מאת Alan Buxey ‏:

> 802.1AE
>
> Look that up for how it works
>
> alan
>
> On Wed, 4 Apr 2018, 00:32 Alex K.,  wrote:
>
>> Hello everyone,
>>
>> After a few implementations of MACSec, I began wondering is there a 
>> complete documentation of that technology out there?
>>
>> For example, I have quite an experience with L2TP. Now, SCCRP may 
>> sound like a bad language to some, but as we all know, it's an 
>> important step in tunnel setup. The internet is literally brimming 
>> with information about L2TP. As for MACSec, maybe it's only me - but 
>> I'm having a hard time finding information on MACSec internal 
>> workings (beyond packets formats) especially - when it comes to protocols 
>> stages and related cisco debugs.
>>
>> All I was able to find this far, are some really general sketches of 
>> MACSec exchanges and seemingly unrelated debug commands.
>>
>> Am I missing something? Any help, such as linking to proper 
>> documentation, successful and unsuccessful debug outputs and such, on 
>> and off-list, will be gladly appreciated.
>>
>>
>> Thank you,
>> Alex.
>> ___
>> cisco-nsp mailing list  cisco-nsp@puck.nether.net 
>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>> archive at http://puck.nether.net/pipermail/cisco-nsp/
>>
>
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net 
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] MACSec Stages

2018-04-17 Thread Alex K. 
Hello Alan and thank you for answering.

That's the point - all one can find by searching the standard ID, is a
bunch of unrelated documents, some from IEEE, some from independent sources
- none display any coherent picture whatsoever.

Not to mention none provide any overview of the protocol. Just some not
connected points.

Such lack of the documentation by all major vendors (white paper stating
MACSEC is an encryption protocol, doesn't count as a documentation) hit the
hardest when it comes to troubleshooting. No explanation for debugs, no
known steps for endpoints to pass through, you're pretty much on your own
trying to figure out what's going on.

Alex.

בתאריך יום ג׳, 10 באפר' 2018, 16:06, מאת Alan Buxey ‏:

> 802.1AE
>
> Look that up for how it works
>
> alan
>
> On Wed, 4 Apr 2018, 00:32 Alex K.,  wrote:
>
>> Hello everyone,
>>
>> After a few implementations of MACSec, I began wondering is there a
>> complete documentation of that technology out there?
>>
>> For example, I have quite an experience with L2TP. Now, SCCRP may sound
>> like a bad language to some, but as we all know, it's an important step in
>> tunnel setup. The internet is literally brimming with information about
>> L2TP. As for MACSec, maybe it's only me - but I'm having a hard time
>> finding information on MACSec internal workings (beyond packets formats)
>> especially - when it comes to protocols stages and related cisco debugs.
>>
>> All I was able to find this far, are some really general sketches of
>> MACSec
>> exchanges and seemingly unrelated debug commands.
>>
>> Am I missing something? Any help, such as linking to proper documentation,
>> successful and unsuccessful debug outputs and such, on and off-list, will
>> be gladly appreciated.
>>
>>
>> Thank you,
>> Alex.
>> ___
>> cisco-nsp mailing list  cisco-nsp@puck.nether.net
>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>> archive at http://puck.nether.net/pipermail/cisco-nsp/
>>
>
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/