L2 Security—MACsec
应用文章
MACsec as a technology consists of multiple protocols to provide Layer2 level security. The services it provides are data integrity, encryption, authentication, and replay protection. It uses multiple protocols to provide the services. For authentication, it uses 802.1x EAPOL-EAP to provide access control and generation of Master Secret Key. In the absence of 802.1x, a pre- shared key {CAK, CKN} also can be used as the master key. For key agreement, it uses 802.1x EAPOL-MKA to manage the Keys, Key Server election, Regeneration/Distribution of keys, and the group member liveness check. There can be another option to not use MKA and configure the encryption keys (that is, SAKs) statically. For encryption/decryption of User data with integrity check, it follows the 802.1AE-2018 specification.
IxNetwork has a comprehensive support of MACsec capabilities that works with static key distribution mode as well as key distributed by MKA, based on IEEE 802.1AE-2018 and IEEE 802.1X-2020 standards. This document focuses on identifying and showcasing topologies that can be used to qualify any system supporting MACsec by using the IxNetwork MACsec solution.