Junos OS

 View Only
last person joined: yesterday 

Ask questions and share experiences about Junos OS.

MACSEC and spanning tree vstp

  • 1.  MACSEC and spanning tree vstp

    Posted 21 days ago
    Hello
    1. Background: 
       a. Topology
        ii. We have 3 VCs connected to each other. A,B,C
        iii. There is VSTP between all 3
    b. They are connected via L2 WAN lines
    c. We are trying to implement MACSEC between them
     
    I saw that there is a MACsec Limitation:
    All types of Spanning Tree Protocol frames cannot currently be encrypted using MACsec.
     
    I don't need the STP to be encrypted, so it is OK for me.
     
    Query: 
    MACsec does not encrypt STP, so I conclude STP frames sent in clear over tagged and untagged vlans. But, at the same time, MACsec does encrypt the tagging, correct? 
    So how will VSTP work, as the switch supposed to send STP frames in tagged vlans, which are encrypted?
     
    MACsec encrypts tagging
    MACsec does not encrypt STP
    STP sent inside tagged vlans


    ------------------------------
    EMIL TARANDASH
    ------------------------------