Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 2 Next »


Against:  Man In The Middle or MITM

        compromising the confidentiality of the data

       Altering the data in the transit = compromising data integrity

MACsec:  on P2P ethernet link

            Encrypt and

           Authenticate

           Use the advance encryption standard:   gcm mode ( default)

          work at Layer 2 and protect: Data and control traffic :  LLDP, LACP, DHCP, ARP

Feature License



AES or Advanced Encryption Standard


Workflow
1- Exchange pre-shared key: CKN + CAK CKN or Connectivity Association Name
(same bot end)CAK or Connectivity Association Key


One will become the Key-server

use the MKA

Macsec Key Agreement Protocol

2- key-server will send the SAKSAK or Security Association key


Data encryption
3- +32 Bytes to the Mac frame




  • No labels