MACsec Feature Overview and Configuration Guide

MACsec (Media Access Control Security) provides line-rate encryption and protection of traffic passing over a Layer 2 network or link. It protects all frames passing over the link, including Layer 2 protocols such as ARP.

MACsec can provide the following services:

  • Connectionless data integrity—ensures the frame has not been modified en route.
  • Data origin authenticity—ensures the frame was sent by one of the MACsec peers.
  • Confidentiality—encrypts the frame’s EtherType and payload to ensure they cannot be read en route.
  • Replay protection—ensures the same frame is not received more than once.
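
As an added illustration (not code from this guide or from AlliedWare Plus), the Python sketch below parses the SecTAG header defined in IEEE 802.1AE to show which parts of a frame stay readable and which are protected, and applies a packet-number check of the kind used for replay protection. The header layout comes from the standard rather than from this page; the 16-byte ICV, the constructed sample frame and the names `parse_macsec`, `ReplayGuard` and `sample_frame` are assumptions made for the example.

```python
import struct

MACSEC_ETHERTYPE = 0x88E5  # EtherType that marks the MACsec SecTAG (IEEE 802.1AE)
ICV_LEN = 16               # assumption: default cipher suite with a 16-byte ICV

def parse_macsec(frame: bytes) -> dict:
    """Split a frame into the fields MACsec leaves readable and the protected parts."""
    if len(frame) < 20 + ICV_LEN:
        raise ValueError("too short for a MACsec frame")
    etype, tci_an, sl, pn = struct.unpack("!HBBI", frame[12:20])
    if etype != MACSEC_ETHERTYPE:
        raise ValueError("not a MACsec frame")
    if tci_an & 0x80:
        raise ValueError("unknown SecTAG version")
    off, sci = 20, None
    if tci_an & 0x20:                        # SC bit: 8-byte Secure Channel Identifier follows
        sci, off = frame[20:28], 28
    if len(frame) < off + ICV_LEN:
        raise ValueError("truncated MACsec frame")
    return {
        "dst": frame[0:6].hex(":"), "src": frame[6:12].hex(":"),  # MAC addresses stay readable
        "encrypted": bool(tci_an & 0x08),    # E bit: EtherType and payload are ciphertext
        "an": tci_an & 0x03,                 # association number (selects the key in use)
        "short_len": sl & 0x3F,              # non-zero only when secure data is under 48 bytes
        "pn": pn, "sci": sci,                # packet number drives replay protection
        "secure_data": frame[off:-ICV_LEN],  # original EtherType + payload
        "icv": frame[-ICV_LEN:],             # integrity check value (integrity, origin)
    }

class ReplayGuard:
    """Receiver-side packet-number check; window=0 (strict order) rejects any PN already seen."""
    def __init__(self, window: int = 0):
        self.window, self.next_pn = window, 1

    def accept(self, pn: int) -> bool:
        lowest = max(1, self.next_pn - self.window)  # PN 0 is never valid
        if pn < lowest:
            return False
        # A real receiver advances next_pn only after the ICV has verified.
        self.next_pn = max(self.next_pn, pn + 1)
        return True

def sample_frame(pn: int) -> bytes:
    """Constructed test frame: made-up addresses, filler bytes instead of ciphertext and ICV."""
    dst, src = bytes.fromhex("020000000002"), bytes.fromhex("020000000001")
    sectag = struct.pack("!HBBI", MACSEC_ETHERTYPE, 0x2C, 0, pn) + src + b"\x00\x01"
    return dst + src + sectag + b"\xaa" * 48 + b"\xbb" * ICV_LEN
```

The parsed output makes the confidentiality boundary visible: source and destination MAC addresses and the SecTAG remain in the clear, while the original EtherType and payload sit inside `secure_data`.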

Note that MACsec operates within a single Layer 2 network or segment, so it cannot provide end-to-end protection of routed IP traffic, such as traffic passing over the open Internet.

This guide describes MACsec and how to configure it on AlliedWare Plus™ devices.
