Cisco WAN MACsec – Encryption Solution to Protect Your Network

This video shows you how to deploy the Cisco WAN MACsec encryption solution to secure your network traffic. We live in a world where businesses no longer operate in silos or on single platforms. Your organization, for example, may engage with multiple service providers and cloud infrastructure, and may span large enterprise networks. This makes your network traffic susceptible to data tampering in the form of eavesdropping, man-in-the-middle attacks, and so on. To prevent such malicious and damaging attacks on your business network, you need a solution that provides seamless security, is easy to deploy, and is simple to manage. This way the network traffic can continue to safely hop across service provider networks, cloud infrastructure, and enterprise networks. To achieve this, what you need is Cisco WAN MACsec, which uses all the powerful features of MACsec and tops them up with line-rate encryption and ease of management. This means your Layer 2 Ethernet network is secured and uncompromised.

This video shows you how to deploy WAN MACsec in an EoMPLS network in a P2MP scenario. In an EoMPLS network, you can connect multiple Layer 2 Ethernet networks at different locations. To enable connecting to different service providers over EoMPLS, WAN MACsec supports the 802.1Q tag in the clear, which helps connect to remote sites over public E-LINE or E-LAN services without disrupting the service provider network. The 802.1Q tag in the clear opens a multitude of design options for securing complex networks. Unique to the Cisco WAN MACsec solution is the ability for EAPoL frames to seamlessly navigate across a diverse service provider network. This configurable option ensures that the service provider transmits the EAPoL frames instead of using them. This is the solution that fits your needs to securely connect all your remote sites.

When you use a service provider network to exchange data between networks, it is important that you encrypt the data in transit to prevent tampering. As you see in the workflow, the traffic between the CE1 and CE2 routers is encrypted. The PE routers in the network ensure that the data reaches its intended destination. Even if these remote sites are supported by a non-MACsec-enabled router, WAN MACsec can still be used to encrypt network traffic. The Cisco WAN MACsec solution provides the capability to support MACsec-enabled and non-MACsec-enabled routers in the same environment, leading to seamless migration.

WAN MACsec can be easily configured on an interface in a snap. Let us see how to do it. All you need to do is specify a keychain name, associate the keychain to the interface for MKA, and then enable MACsec on the interface. As you see in this example, we have configured a key chain named “mka-keychain” with keys. The mka-keychain is associated with a pre-shared key on the interface and then MACsec is enabled on the interface. For EAPoL frames to navigate seamlessly across the service provider network, just modify the destination address and Ethernet type for the EAPoL frame. That’s it! The WAN MACsec configuration is complete. Now MKA starts negotiating the session and programs the MACsec hardware, and all the data is encrypted.

After configuring WAN MACsec, use the show mka session command to verify that the configuration was successful. As you can see, the show command output lists the interface on which the MKA session is active and secured, confirming that the configuration is successful. That’s how simple configuring WAN MACsec on an interface is!

Regardless of your network configuration, you can be assured of high-speed and secure data encryption, thanks to Cisco WAN MACsec. Cisco WAN MACsec: your quick-to-deploy, effective encryption solution. To know more about your network’s possibilities and options with Cisco WAN MACsec, contact [email protected]
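
The configuration steps described in the video (key chain, MKA association, MACsec on the interface, and the EAPoL destination address and Ethernet type), checked against a router configuration. This is an added example, not Cisco's code or output from the video: the IOS-XE-style sample configuration is constructed (the interface names, key ID, `aes-256-cmac`, `broadcast-address`, `876F` and the key-string placeholder are assumptions), and `stanzas` and `audit` are hypothetical helper names.

```python
# Constructed IOS-XE-style sample; the key-string is a placeholder, not real key material.
SAMPLE_CONFIG = """\
key chain mka-keychain macsec
 key 01
  cryptographic-algorithm aes-256-cmac
  key-string <CAK-HEX-PLACEHOLDER>
interface TenGigabitEthernet0/0/0
 mka pre-shared-key key-chain mka-keychain
 macsec
 eapol destination-address broadcast-address
 eapol eth-type 876F
interface TenGigabitEthernet0/0/1
 mka pre-shared-key key-chain old-keychain
"""

def stanzas(config):
    """Map each top-level config line to the stripped, indented lines beneath it."""
    blocks, head = {}, None
    for line in config.splitlines():
        if line.startswith(" ") and head:
            blocks[head].append(line.strip())
        elif line.strip() not in ("", "!"):
            head = line.strip()
            blocks[head] = []
    return blocks

def audit(config):
    """Return {interface: [findings]} for every interface that references an MKA key chain."""
    blocks = stanzas(config)
    # A usable key chain is declared with the macsec keyword and holds at least one key-string.
    chains = {h.split()[2] for h, body in blocks.items()
              if h.startswith("key chain ") and h.endswith(" macsec")
              and any(l.startswith("key-string ") for l in body)}
    report = {}
    for head, body in blocks.items():
        refs = [l.split()[-1] for l in body if l.startswith("mka pre-shared-key key-chain ")]
        if head.startswith("interface ") and refs:
            findings = []
            if refs[0] not in chains:
                findings.append(f"key chain '{refs[0]}' is not defined as a MACsec key chain with a key")
            if "macsec" not in body:
                findings.append("macsec is not enabled on the interface")
            for knob in ("eapol destination-address", "eapol eth-type"):
                if not any(l.startswith(knob + " ") for l in body):
                    findings.append(f"{knob} is not set, so EAPoL keeps its default value")
            report[head.split()[1]] = findings
    return report

print(audit(SAMPLE_CONFIG))
```

An empty findings list means all the steps from the video are present on that interface; it does not replace checking the live session with show mka session.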

7 thoughts to “Cisco WAN MACsec – Encryption Solution to Protect Your Network”

  1. that wasn't encryption, that was 2 routers cursing over having to pass data to john smith! but really this is needed even from a single site security implementation

  2. Networks and everything with Cisco, so it stays just like this, with an excellent result of human resources in your mind, without being left with doubts about the www web

  3. It means that it doesn't matter having an interface type L3 or L2, MACsec can co-exist by focusing the encryption on link layer (physical layer).
    Is that right?

  4. While ordinarily, I am against ASIC in combination with cryptography. Here I see 802.1AE deployed quite well, with GCM-AES-{128,256} and Cisco claiming 10 Gbps line-rate encryption, hence I would say MACsec has a bright future.
