4.15. Using MACsec
Media Access Control Security
(MACsec
, IEEE 802.1AE) encrypts and authenticates all traffic in LANs with the GCM-AES-128 algorithm. MACsec
can protect not only IP
but also Address Resolution Protocol (ARP), Neighbor Discovery (ND), or DHCP
. While IPsec
operates on the network layer (layer 3) and SSL
or TLS
on the application layer (layer 7), MACsec
operates in the data link layer (layer 2). Combine MACsec
with security protocols for other networking layers to take advantage of different security features that these standards provide.
See the MACsec: a different solution to encrypt network traffic article for more information about the architecture of a
MACsec
network, use case scenarios, and configuration examples.
For examples how to configure MACsec using wpa_supplicant and NetworkManager, see the Red Hat Enterprise Linux 7 Networking Guide.