MACsec Applications; MACsec Operating Mechanism - HPE FlexNetwork 10500 Series Security Configuration Manual

MACsec applications

MACsec supports the following application modes:
Client-oriented mode—Secures data transmission between the client and the access device.
The client can be a user terminal seeking access to the LAN or a device that supports the
802.1X client feature. In this mode, the authentication server generates and distributes the CAK
to the client and the access device. In this mode, MACsec must operate with 802.1X
authentication.
Figure 156 Client-oriented mode
NOTE:
In client-oriented mode, an MKA-enabled port on the access device must perform port-based
802.1X access control. The authentication method must be EAP relay.
Device-oriented mode—Secures data transmission between devices. Unlike the
client-oriented mode, in this mode, the devices do not perform identity authentication, and the
same preshared key must be configured on the MACsec ports that connect the devices. The
devices use the configured preshared key as the CAK.
Figure 157 Device-oriented mode
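
The two mode requirements above can be checked against saved device configurations. The following audit script is an added example, not taken from the HPE manual: the command strings it looks for are assumed Comware-style syntax, and the port names, CKN and CAK values are constructed samples.

```python
import re

# Constructed sample configs; command names are assumed Comware-style syntax.
ACCESS = """dot1x
dot1x authentication-method chap
interface Ten-GigabitEthernet1/0/1
 dot1x
 mka enable
"""
DEV_A = "interface Ten-GigabitEthernet1/0/1\n mka psk ckn E1 cak simple AAAA0001\n"
DEV_B = "interface Ten-GigabitEthernet1/0/2\n mka psk ckn E1 cak simple AAAA0002\n"
PSK = re.compile(r"mka psk ckn (\S+) cak simple (\S+)")

def parse(cfg):
    """Split a config into global lines and per-interface line lists."""
    glob, ports, cur = [], {}, None
    for raw in cfg.splitlines():
        line = raw.strip()
        if not line or line == "#":
            continue
        if raw.startswith("interface "):
            cur = ports.setdefault(line.split(None, 1)[1], [])
        elif raw[0].isspace() and cur is not None:
            cur.append(line)
        else:
            cur = None
            glob.append(line)
    return glob, ports

def audit_client_port(cfg, port):
    """Client-oriented mode: an MKA port needs port-based 802.1X, EAP relay."""
    glob, ports = parse(cfg)
    lines = ports.get(port, [])
    if "mka enable" not in lines:
        return []  # MKA is off on this port, so the rule does not apply
    checks = [("dot1x" in glob and "dot1x" in lines, "802.1X not enabled"),
              ("dot1x port-method portbased" in lines, "not port-based"),
              ("dot1x authentication-method eap" in glob, "not EAP relay")]
    return [msg for ok, msg in checks if not ok]

def audit_device_link(cfg_a, port_a, cfg_b, port_b):
    """Device-oriented mode: both ends must hold the same preshared key."""
    keys = []
    for cfg, port in ((cfg_a, port_a), (cfg_b, port_b)):
        hits = [PSK.fullmatch(l) for l in parse(cfg)[1].get(port, [])]
        keys.append(next((m.groups() for m in hits if m), None))
    if None in keys:
        return ["preshared key missing on one end"]
    return [] if keys[0] == keys[1] else ["preshared keys differ"]
```

The check requires the settings to appear explicitly in the configuration and compares only keys stored in plaintext form.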

MACsec operating mechanism

Operating mechanism for client-oriented mode
Figure 158 illustrates how MACsec operates in client-oriented mode.
