Against: Man In The Middle or MITM

        Compromising the confidentiality of the data

        Altering the data in transit = compromising data integrity

MACsec: on P2P Ethernet link

        Encrypt and

        Authenticate

        Uses the Advanced Encryption Standard: GCM mode (default)

        Works at Layer 2 and protects data and control traffic: LLDP, LACP, DHCP, ARP

Feature License



AES or Advanced Encryption Standard


Workflow
1- Exchange pre-shared key: CKN + CAK
(same on both ends)

CKN or Connectivity Association Name
CAK or Connectivity Association Key


One will become the Key-server

Use the MKA

MACsec Key Agreement Protocol

2- Key-server will send the SAK

SAK or Security Association Key


Data encryption
3- +32 bytes added to the MAC frame
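
Where the extra bytes in step 3 come from, as an added example that is not part of the original notes: a parser for the MACsec SecTAG as laid out in IEEE 802.1AE, run on a constructed frame. It assumes the 16-byte ICV of the default GCM-AES-128 suite; `parse_macsec` and `build_sample` are hypothetical names, and the sample's payload and ICV are placeholder bytes, not real ciphertext.

```python
import struct

MACSEC_ETHERTYPE = 0x88E5  # EtherType that opens the SecTAG (IEEE 802.1AE)
ICV_LEN = 16               # assumption: ICV length of the default GCM-AES-128 suite

def parse_macsec(frame: bytes) -> dict:
    """Decode the SecTAG of one Ethernet frame; ValueError if it is not MACsec."""
    if len(frame) < 12 + 8 + ICV_LEN:
        raise ValueError("too short for a MACsec frame")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != MACSEC_ETHERTYPE:
        raise ValueError("not MACsec, EtherType 0x%04x" % ethertype)
    tci_an = frame[14]
    (pn,) = struct.unpack("!I", frame[16:20])
    end, sci = 20, None
    if tci_an & 0x20:                          # SC bit: an explicit 8-byte SCI follows
        end = 28
        if len(frame) < end + ICV_LEN:
            raise ValueError("truncated SCI")
        sci = frame[20:28].hex()
    return {
        "an": tci_an & 0x03,                   # association number: which SAK is in use
        "encrypted": (tci_an & 0x0C) == 0x0C,  # E and C bits set: payload is ciphertext
        "pn": pn,                              # packet number, used for replay protection
        "sci": sci,                            # sender MAC + port id, when present
        "secure_data": frame[end:-ICV_LEN],
        "icv": frame[-ICV_LEN:],
        "overhead": (end - 12) + ICV_LEN,      # SecTAG + ICV added to the original frame
    }

def build_sample(with_sci: bool = True) -> bytes:
    """Constructed sample frame; payload and ICV are placeholder zero bytes."""
    dst = bytes.fromhex("020000000002")        # constructed, locally administered MACs
    src = bytes.fromhex("020000000001")
    tci = 0x0C | (0x20 if with_sci else 0)     # E + C, optionally SC; AN = 0
    sectag = struct.pack("!HBBI", MACSEC_ETHERTYPE, tci, 0, 1)  # SL = 0, PN = 1
    if with_sci:
        sectag += src + b"\x00\x01"            # SCI = source MAC + port id 1
    return dst + src + sectag + bytes(60) + bytes(ICV_LEN)

if __name__ == "__main__":
    for with_sci in (True, False):
        info = parse_macsec(build_sample(with_sci))
        print("SCI" if with_sci else "no SCI", "overhead:", info["overhead"], "bytes")
```

With the SCI present the SecTAG is 16 bytes and the ICV another 16, which gives the 32 bytes to budget for in the link MTU; a frame whose E and C bits are clear is authenticated but not encrypted.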