MAC Security with Pre-shared Keys
Authentication Limitations
The following limitations apply to the MAC Security (MACsec) with Pre-shared
Keys (PSK) Authentication:
- This initial release of MACsec only
implements section point-to-point LANs within a secured network as described in
Clause 7.4 MACsec to
support Infrastructure LANs of the much broader standard outlined in
IEEE802.1X-2010
Port-Based Access Control. All other sections and clauses are not
supported.
Note
MACSec
between customer edges over L2VPN is supported on untagged access
ports.
- MACsec is only configurable using CLI commands. There is no SNMP access to the
two MACsec MIBs defined by IEEE: IEEE8021X-PAE-MIB and IEEE8021-SECY-MIB.
- MACsec is not supported on ports with stacking enabled.
- MACsec is not supported on Extended Edge Switching ports.
- Hot swapping LRM/MACsec Adapters is not supported. MACsec must be disabled
before hot swapping.
- The LRM/MACsec Adapters cannot be connected across slots on a
stack.
- The 5720 and 5320 switches use their native MACsec. MACsec is not
supported on an LRM/MACsec Adapter when connected to either of these switches.
- On the 5720 switch, corresponding 5720-VIM-6YE port groups need to be configured
to 3x10G partition to support an LRM/MACsec Adapter and 10G-LRM optics.