MACsec is a security technology that provides secure communication for almost all types of traffic on Ethernet links. MACsec provides point-to-point and point-to-multipoint security on Ethernet links between directly connected nodes, or nodes connected using a Layer 2 cloud.
MACsec can identify and prevent most security threats, including:
denial of service
intrusion
man-in-the-middle
masquerading
passive wiretapping
playback attacks
MACsec, defined in IEEE 802.1AE, operates at Layer 2 and encrypts everything from the 802.1AE header to the end of the payload, including the 802.1Q tag. MACsec leaves the destination and source MAC addresses (DMAC and SMAC) in cleartext.
The following figure shows the 802.1AE LAN-mode structure.
Forwarding a MACsec packet uses the destination MAC address, which is in cleartext.
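The following parser is an added example, not part of the original documentation. It shows which fields of a MACsec frame stay readable without the key (DMAC, SMAC and the 802.1AE header) and how much of the frame is protected. It assumes the SecTAG layout from IEEE 802.1AE and a 16-byte ICV; the sample frame and its ciphertext bytes are constructed placeholders.

```python
import struct

MACSEC_ETHERTYPE = 0x88E5  # EtherType assigned to IEEE 802.1AE
ICV_LEN = 16               # assumption: 16-byte ICV (default cipher suite)

def mac(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)

def parse_macsec(frame: bytes) -> dict:
    """Return the fields readable without the key, plus the protected lengths."""
    if len(frame) < 20 + ICV_LEN:
        raise ValueError("too short for a MACsec frame")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != MACSEC_ETHERTYPE:
        raise ValueError(f"not MACsec: EtherType 0x{ethertype:04x}")
    tci_an = frame[14]
    (pn,) = struct.unpack("!I", frame[16:20])
    off, sci = 20, None
    if tci_an & 0x20:                      # SC bit: explicit 8-byte SCI follows
        if len(frame) < 28 + ICV_LEN:
            raise ValueError("truncated SCI")
        sci, off = frame[20:28].hex(), 28
    return {
        "dmac": mac(frame[0:6]),           # cleartext, used for forwarding
        "smac": mac(frame[6:12]),          # cleartext
        "an": tci_an & 0x03,               # association number
        "encrypted": bool(tci_an & 0x08),  # E bit: user data is encrypted
        "short_len": frame[15] & 0x3F,     # SL: 0 when secure data >= 48 bytes
        "pn": pn,                          # packet number (replay protection)
        "sci": sci,
        "cleartext_len": off,
        "secure_data_len": len(frame) - off - ICV_LEN,
        "icv": frame[-ICV_LEN:].hex(),
    }

# Constructed sample frame: the 48 "secure data" bytes stand in for ciphertext
# that would hold the original 802.1Q tag, EtherType and payload.
SAMPLE = (
    bytes.fromhex("001122334455")            # DMAC
    + bytes.fromhex("02aabbccddee")          # SMAC
    + bytes.fromhex("88e5")                  # MACsec EtherType
    + bytes.fromhex("2c00")                  # TCI/AN: SC=1, E=1, C=1, AN=0; SL=0
    + bytes.fromhex("00000001")              # PN
    + bytes.fromhex("02aabbccddee0001")      # SCI: SMAC + port identifier
    + bytes(range(0xA0, 0xD0))               # 48 bytes of placeholder ciphertext
    + bytes(16)                              # placeholder ICV
)

if __name__ == "__main__":
    for key, value in parse_macsec(SAMPLE).items():
        print(f"{key:16} {value}")
```

A capture point on the link sees only the first 28 bytes of this frame in the clear; the VLAN tag sits inside the protected region and cannot be read or matched on without the key.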