Example: macsec over l2tp3

TopologyConfigurationsVerificationEmulation

r1

hostname r1
vrf def v1
 rd 1:1
 exit
crypto ipsec ips
 group 02
 cipher aes256cbc
 hash sha1
 key tester
 exit
int eth1
 vrf for v1
 ipv4 addr 9.9.9.1 255.255.255.252
 ipv6 addr 9999::1 ffff::
 exit
int tun1
 tunnel vrf v1
 tunnel key 1234
 tunnel mode l2tp3
 tunnel source ethernet1
 tunnel destination 9999::2
 vrf for v1
 macsec ips
 ipv4 addr 1.1.1.1 255.255.255.0
 ipv6 addr 1234::1 ffff::
 exit

r2

hostname r2
vrf def v1
 rd 1:1
 exit
crypto ipsec ips
 group 02
 cipher aes256cbc
 hash sha1
 key tester
 exit
int eth1
 vrf for v1
 ipv4 addr 9.9.9.2 255.255.255.252
 ipv6 addr 9999::2 ffff::
 exit
int tun1
 tunnel vrf v1
 tunnel key 1234
 tunnel mode l2tp3
 tunnel source ethernet1
 tunnel destination 9999::1
 vrf for v1
 macsec ips
 ipv4 addr 1.1.1.2 255.255.255.0
 ipv6 addr 1234::2 ffff::
 exit

r1 tping 100 30 1.1.1.2 vrf v1
r2 tping 100 30 1.1.1.1 vrf v1
r1 tping 100 30 1234::2 vrf v1
r2 tping 100 30 1234::1 vrf v1

ContainerLabfreeRtr CLI

1. Install ContainerLab as described here
2. Fetch crypt-macsec55 file
3. Launch ContainerLab crypt-macsec55.yml topology:

   containerlab deploy --topo crypt-macsec55.yml  

4. Destroy ContainerLab crypt-macsec55.yml topology:

   containerlab destroy --topo crypt-macsec55.yml  

5. Copy-paste configuration for each node in the lab topology

1. Fetch or compile freeRtr rtr.jar file.
   You can grab it here
2. Fetch crypt-macsec55.tst file here
3. Launch crypt-macsec55.tst test:

   java -jar ../../rtr.jar test tester crypt-macsec55 path ./ temp ./ wait

4. Destroy freeRtr crypt-macsec55.tst test:

   Ctrl-C (In freeRtr test window)