MACSec Redux


Good ol’ MACSec.

First, I posted a quick and dirty notes-for-myself, MACSec how-to for Juniper.

Then, I posted a similar MACSec howto for Cisco. So here’s a miscellany of different macsec implementations.

Let’s say you want to run your own router, because your Layer 8 & 9 specialists mandate it, here MACSec on linux.

Here’s a guy who did cisco-switch-to-cisco-switch macsec over an mpls link between a cisco and juniper router (because macsec works at layer 1 and thus you need to fake layer 1 via MLPS). So that’s a thing.

Here’s the Extreme Network’s MACSec implementation:

set macsec port mka enable tg.1.1
set macsec pre-shared-key port tg.1.1 ckn foo cak passphrase bar

HP switches macsec config

Brocade MACSec details and also a Brocade sample config of MACSec.