802.1x-2010 had identified two fields in the MKA PDU. Those fields are:
MACsec Capability
Desire
MACsec Capability signals weather MACsec is capable of integrity and confidentiality. Table: MACsec basic settings describes the four basic settings for MACsec Capability.
Setting | Description |
---|---|
0 |
MACsec is not implemented |
1 |
Integrity without confidentiality |
2 |
The following are supported:
|
31 | The following are supported:
|
An encryption offset of 0, 30, or 50 starts from the byte after the SecTAG (802.1ae header). Ideally, the encryption offset should be configured for IPv4 (offset 30) and IPv6 (offset 50) to leave the IP header in the clear text. This allows routers and switches to use the IP header for LAG or ECMP hashing.