- Community Home
- >
- Networking
- >
- Switching and Routing
- >
- Aruba & ProVision-based
- >
- Re: MacSec Point-to-Multipoint Wired
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-16-2021 10:26 AM
06-16-2021 10:26 AM
Team,
I have a posted this in previous discussion which was tagged as closed already. I'm still new to this and I'm not sure if my queries will be answered.
Originally what we wanted is MACSec over wireless Bridge, and at the same time a point-to-multipoint setup. Now the Wireleess part has been discarded as it came clear to us that macsec will not work over it.
Now for the macsec point-to-multipoint, are there ways for aruba switches (particulary 2930) to support this requirement ? We have 5400 series at the site, but the 2930 is what we have at the area where MacSec will be terminated.
We were reviewing the HP Macsec config guide but it provides solution between two switch ports which is only good for point-to-point setup.
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-16-2021 10:37 AM
06-16-2021 10:37 AM
SolutionI will post it here as well:
Typically infrastructure MACsec is used in P2P links where you have only two participants since we speak about switches here, not hubs. Unfortunately you are right and documentation for these switches doesn't state clearly if group CAKs are supported and can you use 3 and more switches with one shared CAK on one link. I think it may have issues with replay protection... For example ArubaOS-CX guides clearly says "Provides Layer 2 hop-by-hop encryption on point-to-point Ethernet links.", and I doubt 2930 to have more extended feature than those. And also typically when a vendor supports group CAK there is a configuration abstraction for multiple key storage, like a keychain. There is no such in 2930...
But as with WDS - only a test can reveal the truth as this is really a corner case.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-17-2021 05:41 AM
06-17-2021 05:41 AM
Re: MacSec Point-to-Multipoint Wired
Thank you for the response.
You are right testing this setup is the best way to know what is working and what is not. It's a long shot for us but it might be worthied to give it a try. Will post some updates here if anything helpful comes out.