• Author : Sambath Kumar Balasubramanian

 
 

MACsec Proxy For Front Panel Ports

Description This feature enables MACsec service for non MACsec capable front panel ports. MACsec over front panel port is provided by mapping a front panel port to a MACSec proxy subinterface.  Packets transmitted on the MACsec proxy subinterface will be encrypted and patched to the front panel port. Packets received on the front panel port will be patched to the MACsec proxy subinterface where these are decrypted and then routed. MKA negotiates and renews encryption keys. A MACsec capable front panel port has to be dedicated for this purpose and cannot be plugged in as it will be used to...
Continue reading →

Macsec Proxy For Vxlan

Description This feature enables MacSec service over VxLAN . Macsec over Vxlan is provided by mapping a VNI, Remote VTEP Ip to a Macsec proxy sub interface. Any packets routed to the macsec proxy sub interface will be encrypted and tunneled to the remote VTEP. On the receive path packets will be decrypted, then decapped and forwarded. MKA negotiates and renews encryption keys. A MACsec capable front panel port has to be dedicated for this purpose and cannot be plugged in as it will be used to recycle packets being encrypted and decrypted. Platform compatibility 7280SRAM-48C6 7280CR2M-30 7500R2M-36CQ-LC Configuration The...
Continue reading →

sFlow output interface

On 7500E, sFlow output interface feature enables sFlow to use the hardware provided output interface and avoiding software simulation. The below configuration is needed only for releases before 4.15.2F. From 4.15.2F Sflow agent always uses hardware provided output interface to report in the samples. Configuration To enable this feature, sFlow extended switch header, and extended router header need to be disabled and sFlow output interface has to be enabled. sFlow extended switch header, and extended router header have to be disabled since deriving the extension headers using 7500E provided information is not supported yet. sFlow output interface is enabled by default. Arista(config)#no sflow extension switch...
Continue reading →

Follow

Get every new post on this blog delivered to your Inbox.

Join other followers: