switch(config-macsec-policy)# conf-offset {CONF-OFFSET-0 | CONF-OFFSET-30 | CONF-OFFSET-50}

MACsec provides encryption at Layer 2 using the Advanced Encryption Standard (AES) algorithm. MACsec uses the MKA protocol to exchange session keys and manage encryption keys. MACsec provides MAC-layer encryption over wired networks, using out-of-band methods for encryption keying. The infrastructure required to set up a MACsec service is provided either by Cisco's proprietary Security Association Protocol (SAP) or by the MKA protocol based on the 802.1x-rev2010 standard. For more information on setting up a MACsec service using SAP, see the "Set up Cisco TrustSec" chapter.

switch(config-macsec-policy)# cipher-suite {GCM-AES-128 | GCM-AES-256 | GCM-AES-XPN-128 | GCM-AES-XPN-256}

MKA interacts with a Cisco TrustSec process to obtain Cisco TrustSec SAP and SGT details. The packet body of an EAP (Extensible Authentication Protocol) over LAN (EAPOL) Protocol Data Unit (PDU) is called a MACsec Key Agreement PDU (MKPDU). If a participant receives no MKPDU from a peer after three heartbeats, that peer is removed from the live peer list. Each heartbeat lasts 2 seconds. If, for example, one of the remote switches is disconnected, the corresponding local switch considers the remote peer lost after three heartbeats.

The MKA protocol, with key server priority, is defined in the IEEE 802.1X-2010 standard.
It is used to identify the members of a connectivity association (CA) and to establish a secure relationship between them, coordinating the cryptographic algorithms and keys used for encryption and decryption in order to protect data transmission over the local network.

IEEE 802 Local Area Networks (LANs) are used in networks that support enterprise-critical applications and a variety of devices implemented and managed by different organizations that serve customers with different economic interests. The protocols that configure, manage and regulate access to these networks typically run over the networks themselves. Preventing disruption and data loss caused by transmission and reception by unauthorized devices is a necessary network capability, as it is generally not possible to protect an entire network from physical access.

In my previous blog, I focused on validating MACsec hardware implementations. In this one, I will focus on validation for the MACsec-Control – MACsec Key Agreement (MKA) protocol. MACsec is the IEEE 802.1AE standard for hop-by-hop encryption that provides data privacy, integrity and replay protection for media-access-independent protocols.
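
The live peer list timeout described above (a 2-second heartbeat, removal after three heartbeats without an MKPDU) can be modelled as follows. This is an added example, not code from the original page or from any vendor; the names LivePeerList, replay, switch-B and switch-C are hypothetical and the timeline is constructed.

```python
from dataclasses import dataclass, field

HEARTBEAT_SECONDS = 2.0   # from the text: each heartbeat lasts 2 seconds
MISSED_HEARTBEATS = 3     # from the text: peer removed after three silent heartbeats
LIFETIME = HEARTBEAT_SECONDS * MISSED_HEARTBEATS


@dataclass
class LivePeerList:
    """Tracks when an MKPDU was last received from each participant."""
    last_seen: dict = field(default_factory=dict)

    def on_mkpdu(self, peer: str, now: float) -> None:
        self.last_seen[peer] = now

    def expire(self, now: float) -> list:
        """Remove and return peers that have been silent for three heartbeats."""
        lost = sorted(p for p, t in self.last_seen.items() if now - t >= LIFETIME)
        for p in lost:
            del self.last_seen[p]
        return lost


def replay(events, end_time):
    """Replay (time, peer) MKPDU arrivals, checking liveness once per heartbeat.

    Returns the (time, peer) removals, which are the events a monitoring
    system would raise as a lost MACsec peer.
    """
    peers, removals = LivePeerList(), []
    pending = sorted(events)
    t = 0.0
    while t <= end_time:
        while pending and pending[0][0] <= t:
            when, peer = pending.pop(0)
            peers.on_mkpdu(peer, when)
        removals += [(t, p) for p in peers.expire(t)]
        t += HEARTBEAT_SECONDS
    return removals


# Constructed timeline: switch-B is disconnected after its MKPDU at t=4 s,
# while switch-C keeps sending an MKPDU every heartbeat.
SAMPLE = [(t, "switch-B") for t in (0.0, 2.0, 4.0)] + \
         [(float(t), "switch-C") for t in range(0, 15, 2)]

if __name__ == "__main__":
    for when, peer in replay(SAMPLE, 14.0):
        print(f"t={when:4.1f}s  {peer} removed from live peer list")
```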