Run MACsec and VLAN in parallel?

MACsec (IEEE 802.1ae) adds a security tag to an Ethernet frame and encrypts the IEEE 802.1Q field, the EtherType and the payload field.

If you want to use VLAN, you need the 802.1Q field to announce the VLAN ID. The EtherType is usually set to 0x8100.

However, both MACsec and VLAN use a unique EtherType. As far as I understand, the security tag introduced by MACsec uses its own EtherType. Is it possible to use MACsec and VLAN in parallel?










asked 3 hours ago by null

Welcome to Network Engineering! There is no standard for MACSec and 802.1Q, so manufacturers have come up with their own solutions. Cisco calls it "WAN MACSec," and does it this way:

> The WAN MACsec offering is standards based but offers additional capabilities not found in earlier MACsec capabilities. More specifically, MACsec can be leveraged by enterprise customers over public carrier Ethernet offerings, allowing customers to adapt to the public carrier Ethernet service offering and capabilities (or restrictions).
>
> New enhancements for WAN MACsec include:
>
> 1. 802.1Q Tag in the Clear
> 2. Standard IEEE 802.1X-rev MACsec Key Agreement
> 3. Integrated MACsec authentication adaptability over public Carrier Ethernet transport
> 4. 802.1Q Tag in the Clear
>
> This enhancement offers the ability to expose the 802.1Q tag outside the encrypted MACsec header. Exposing this field offers a multitude of design options with MACsec, and in some cases of public Carrier Ethernet transport providers, is necessary for leveraging certain transport services (see use case section).

https://www.cisco.com/c/en/us/products/collateral/ios-nx-os-software/identity-based-networking-services/white-paper-c11-737544.html






answered 3 hours ago by Ron Trunk
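The two frame layouts discussed above, as an added example that is not part of the original answer or of Cisco's paper: a small Python parser that reports which 802.1Q tags are readable on the wire and whether a MACsec SecTAG follows. The function name and the sample frames are constructed for illustration; 0x88E5 is the MACsec EtherType, and the SecTAG field offsets follow IEEE 802.1AE.

```python
import struct

ETH_8021Q = 0x8100   # 802.1Q tag EtherType (from the question)
ETH_MACSEC = 0x88E5  # EtherType that opens the MACsec SecTAG

def describe_frame(frame: bytes) -> dict:
    """Report the VLAN IDs visible in the clear and the SecTAG fields, if any."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    info = {"clear_vlans": [], "macsec": False, "encrypted": False, "pn": None, "sci": None}
    off = 12  # skip destination and source MAC
    (etype,) = struct.unpack_from("!H", frame, off)
    # 802.1Q tags placed before the SecTAG stay readable by every switch on the path.
    while etype == ETH_8021Q:
        if len(frame) < off + 6:
            raise ValueError("truncated 802.1Q tag")
        tci, etype = struct.unpack_from("!HH", frame, off + 2)
        info["clear_vlans"].append(tci & 0x0FFF)  # low 12 bits are the VLAN ID
        off += 4
    if etype != ETH_MACSEC:
        return info
    if len(frame) < off + 8:
        raise ValueError("truncated SecTAG")
    tci_an, _short_len, pn = struct.unpack_from("!BBI", frame, off + 2)
    info.update(macsec=True, encrypted=bool(tci_an & 0x08), pn=pn)  # 0x08 = E bit
    if tci_an & 0x20:  # SC bit: an explicit 8-byte SCI follows the packet number
        if len(frame) < off + 16:
            raise ValueError("truncated SCI")
        info["sci"] = frame[off + 8:off + 16].hex()
    return info

# Constructed sample frames (placeholder ciphertext and ICV, not real captures).
MACS = bytes.fromhex("020000000001" "020000000002")
SECTAG = bytes.fromhex("88e5" "2c" "00" "00000001" "0200000000020001")
BODY = bytes(32)  # stands in for the protected data and the 16-byte ICV
STANDARD = MACS + SECTAG + BODY                               # any VLAN tag is inside the protected data
TAG_IN_CLEAR = MACS + bytes.fromhex("81000064") + SECTAG + BODY  # VLAN 100 ahead of the SecTAG

if __name__ == "__main__":
    print(describe_frame(STANDARD))
    print(describe_frame(TAG_IN_CLEAR))
```

In the standard layout `clear_vlans` is empty, so a device without the key cannot switch on the VLAN ID; with the tag in the clear, the VLAN ID is readable while the data after the SecTAG stays protected.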
