MACsec encryption mode

MACsec uses the following main modes of encryption:

The 802.1AE standard requires that the 802.1Q VLAN is encrypted. Some vendors provide the option of configuring MACsec on a port with VLAN in cleartext form. The 7210 SAS-K 2F6C4T, 7210 SAS-K 3SFP+ 8C, and 7210 SAS-Dxp 24p support both modes on both 1GE and 10GE ports.

The following figure shows VLAN in encrypted and cleartext form.

Figure: 802.1 AE LAN/WAN modes and VLAN encrypted/clear