[172611] in North American Network Operators' Group
Re: MACsec SFP
daemon@ATHENA.MIT.EDU (Pieter Hulshoff)
Wed Jun 25 16:56:29 2014
X-Original-To: nanog@nanog.org
Date: Wed, 25 Jun 2014 22:51:04 +0200
From: Pieter Hulshoff <phulshof@aimvalley.nl>
To: Christopher Morrow <morrowc.lists@gmail.com>,
John Schiel <jschiel@flowtools.net>
In-Reply-To: <CAL9jLabUgyKgMBdCut7V7qoaPKEd00ccXxRRLot5wgw_VfZ4dA@mail.gmail.com>
Cc: nanog list <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org
On 25-06-14 22:45, Christopher Morrow wrote:
> today you program the key (on switches that do macsec, not in an SFP
> that does it for you, cause those don't exist, yet) in your router
> config and as near as I have seen there isn't a key distribution
> protocol aside from that which you write/manage yourself and which is
> likely using ssh/snmp(ick)/telnet(ick).
I'm not familiar with the MACsec key distribution available in current
routers/switches. Are you saying Cisco doesn't support EAP and/or MKA
for this purpose or just that the command protocol for configuring
EAP/MKA is run via SSH/SNMP/telnet?
Kind regards,
Pieter Hulshoff
