...
AES or Advanced Encryption Standard
| Workflow | |
|---|---|
| 1- Exchange pre-shared key: CKN + CAK | CKN or Connectivity Association Name |
| (same bot end) | CAK or Connectivity Association Key |
| >> Secure channel created for exchange of the SAK | |
| One will become the Key-server | use the MKA Macsec Key Agreement Protocol |
| 2- key-server will send the SAK | SAK or Security Association key |
| Data encryption | using the SAK to encrypt traffic |
3- +8 Byte Header +16 Byte trail MTU + 32 Bytes to the Mac frame | |
| Check License | |
|---|---|
| show system license | match macsec | |
| Configuration |
Enter the CKN ( 64bits ?? ) or Connectivity Association |
Name | set security macsec ca1 pre-shared-key ckn <key is a long hex number> |
| CAK | Link |
Static CAK | set security macsec ca1 security-mode static-cak |
Enter the |
CAK ( 32 bits ) or Connectivity Association Key | set security macsec ca1 pre-shared-key |
| cak <key is a long hex number> | |