MACsec

Media Access Control Security (MACsec) is an industry-standard security technology that provides secure communication for almost all types of traffic on Ethernet links. MACsec provides point-to-point and point-to-multipoint security on Ethernet links between directly-connected nodes or nodes connected via a Layer 2 cloud. MACsec can identify and prevent most security threats, including:

• denial of service

• intrusion

• man-in-the-middle

• masquerading

• passive wiretapping

• playback attacks

MACsec Layer 2 encryption is standardized in IEEE 802.1AE. MACsec encrypts anything from the 802.1AE header to the end of the payload including 802.1Q. MACsec leaves the DMAC and SMAC in clear text.

Figure 1 shows the 802.1AE LAN-Mode structure.

Figure 1. 802.1 AE LAN-MODE

The forwarding on a MACsec packet is performed using the destination MAC address, which is in clear text.