• Author : Oren Moshe


Vlan tagged MACsec

Description In addition to MACsec on physical interfaces (see https://eos.arista.com/eos-4-15-4f/macsec), MACsec can also be enabled on subinterfaces. Since subinterfaces are logical interfaces that send and receive VLAN tagged traffic, encryption/decryption is applied per VLAN tag. The vlan tag stays “in the clear” and is not encrypted. Platform compatibility DCS-7050CX3M-32S Configuration MAC Security profiles can be enabled on subinterfaces using the following command: Arista(config-if-Et1.10)#[no|default] mac security profile <profile-name> A Configuration Example The following example enables mac security on a subinterface with a predefined macsec profile ‘test-profile’. Arista(config)#interface ethernet1 Arista(config-if-Et1)#no switchport Arista(config-if-Et1)#interface ethernet1.10 Arista(config-if-Et1.10)#encapsulation dot1q vlan 20 Arista(config-if-Et1.10)#mac security profile test-profile Syslog...
Continue reading →


Get every new post on this blog delivered to your Inbox.

Join other followers: