Cisco Network Convergence System 55A1 - Router 100GbE, 25GbE - rack-mountable - Flexible Consumption Model

• Client-oriented mode
  MACsec is used in setups where two routers that are peering with each other can alternate as a key server or a key client prior to exchanging keys. The key server generates and maintains the CAK between the two peers.
• Data integrity check
  MACsec uses MKA to generate an Integrity Check Value (ICV) for the frame arriving on the port. If the generated ICV is the same as the ICV in the frame, then the frame is accepted; otherwise, it is dropped.
• Data encryption
  MACsec provides port-level encryption on the line card of the router. This means that the frames sent out of the configured port are encrypted, and frames received on the port are decrypted. MACsec also provides a mechanism with which you can configure whether only encrypted frames or all frames (encrypted and plain) are accepted on the interface.
• Replay protection
  When frames are transmitted through the network, there is a possibility of frames getting out of the ordered sequence. MACsec provides a configurable window that accepts a specified number of out-of-sequence frames.
• Support for clear traffic
  If configured accordingly, data that is not encrypted is allowed to transit through the port.

The Cisco Network Convergence System 5500 Series is built with features such as high port densities, deep packet buffering, and forwarding hardware optimized for these types of deployments. These systems provide functionality vital to both the Top of Rack (ToR) and spine or leaf roles common to modern spine-and-leaf architectures. Capabilities such as advanced packet classification, segment routing, ultra-wide ECMP, programmable network management and telemetry are added to the robust and mature features.

• Client-oriented mode
• Data integrity check
• Data encryption
• Replay protection
• Support for clear traffic