Cisco
400-007 · Question #40
400-007 Question #40: Real Exam Question with Answer & Explanation
The correct answer is A: EoMPLS.
Question
You have been tasked with designing a data center interconnect to provide business continuity. You want to encrypt the traffic over the DCI using IEEE 802.1AE MACsec to prevent the deployment of any firewall or IPS. Which two interconnect technologies support MACsec? (Choose two.)
Options
- A. EoMPLS
- B. MPLS Layer 3 VPN
- C. DMVPN
- D. GET VPN
- E. KVPLS
Explanation
MACsec (IEEE 802.1AE) operates at Layer 2 and requires the transport technology to preserve the Ethernet frame structure end-to-end; only Layer 2 MPLS-based DCI technologies satisfy this requirement.
Common mistakes.
- B. MPLS Layer 3 VPN operates at the IP layer and strips the original Ethernet headers before forwarding traffic, removing the Layer 2 context that MACsec depends on for encrypting frames between endpoints.
- C. DMVPN is a Layer 3 GRE/IPsec overlay that encapsulates IP packets rather than Ethernet frames, so it does not provide the Layer 2 adjacency required for MACsec to function between DCI endpoints.
- D. GET VPN is a group-based IP encryption technology that protects Layer 3 traffic and does not operate on or preserve Ethernet frames, making it fundamentally incompatible with the IEEE 802.1AE MACsec standard.
Concept tested. MACsec support over Layer 2 DCI transport technologies