The MACsec 802.1AE header includes a security TAG (SecTAG) field that contains the following:
association number within the channel
packet number to provide a unique initialization vector for encryption and authentication algorithms as well as protection against replay attack
optional LAN-Wide secure channel identifier
The security field, which is identified by the MACsec EtherType, conveys the following information:
TAG Control Information (TCI)
Association Number (AN)
Short Length (SL)
Packet Number (PN)
Optionally-encoded Secure Channel Identifier (SCI)
Figure 1 shows the format of the SecTAG.