MACsec services
MACsec provides the following services:
Data encryption—Enables a port to encrypt outbound frames and decrypt MACsec-encrypted inbound frames.
Integrity check—Performs an integrity check when the device receives a MACsec-encrypted frame. The integrity check uses the following process:
Uses a key negotiated by MKA to calculate an integrity check value (ICV) for the frame.
Compares the calculated ICV with the ICV in the frame trailer.
If the ICVs are the same, the device considers the frame valid.
If the ICVs are different, the device determines whether to drop the frame based on the validation mode.
MACsec replay protection—MACsec frames transmitted over the network might arrive out of order. MACsec replay protection allows the device to accept out-of-order frames that fall within the replay protection window size and to drop other out-of-order frames.
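
The window decision described above can be modeled in a few lines. The following is an added example, not code from this document or from any device: the class and function names are hypothetical, the packet numbers (PNs) are constructed, and it assumes each frame has already passed the integrity check.

```python
# Added example: simplified model of a receive-side replay protection window.
# ReplayWindow, run and SAMPLE_PNS are hypothetical names; the PNs are constructed.
# Assumption: every frame handed to check() has already passed the ICV check.

class ReplayWindow:
    def __init__(self, window_size):
        self.window_size = window_size  # 0 means frames must arrive in order
        self.next_pn = 1                # next packet number expected in order

    def lowest_acceptable_pn(self):
        # Oldest PN still tolerated: window_size behind the next expected PN.
        return max(self.next_pn - self.window_size, 1)

    def check(self, pn):
        """Return True to accept the frame, False to drop it."""
        if pn < self.lowest_acceptable_pn():
            return False                # older than the window allows
        if pn >= self.next_pn:
            self.next_pn = pn + 1       # an in-order frame slides the window
        return True


def run(window_size, pns):
    """Feed a sequence of received PNs through a fresh window."""
    window = ReplayWindow(window_size)
    return [(pn, "accept" if window.check(pn) else "drop") for pn in pns]


# Constructed arrival order: frames 3, 4 and 7 are late, and 4 shows up twice.
SAMPLE_PNS = [1, 2, 5, 3, 4, 10, 7, 4, 11]

if __name__ == "__main__":
    for size in (0, 5):
        print(f"window size {size}:")
        for pn, verdict in run(size, SAMPLE_PNS):
            print(f"  PN {pn:>2} -> {verdict}")
```

With a window size of 0 every late frame is dropped, while a window size of 5 accepts the late frames 3, 4 and 7 and drops only the second copy of 4, which by then is more than five behind the next expected PN. The model tracks only the lower bound of the window, so a larger window tolerates more reordering at the cost of accepting older packet numbers.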