MAC Security with Pre-shared Keys Authentication Limitations
The following limitations apply to the MAC Security (MACsec) with Pre-shared Keys (PSK) Authentication:
- This initial release of MACsec only
implements section point-to-point LANs within a secured network as described in
Clause 7.4 MACsec to
support Infrastructure LANs of the much broader standard outlined in
Port-Based Access Control. All other sections and clauses are not
NoteMACSec between customer edges over L2VPN is supported on untagged access ports.
- MACsec is only configurable using CLI commands. There is no SNMP access to the two MACsec MIBs defined by IEEE: IEEE8021X-PAE-MIB and IEEE8021-SECY-MIB.
- MACsec is not supported on ports with stacking enabled.
- MACsec is not supported on Extended Edge Switching ports.
- Hot swapping LRM/MACsec Adapters is not supported. MACsec must be disabled before hot swapping.
- The LRM/MACsec Adapters cannot be connected across slots on a stack.
- The 5720 and 5320 switches use their native MACsec. MACsec is not supported on an LRM/MACsec Adapter when connected to either of these switches.
- On the 5720 switch, corresponding 5720-VIM-6YE port groups need to be configured to 3x10G partition to support an LRM/MACsec Adapter and 10G-LRM optics.