Run MACsec and VLAN in parallel?

The name of the pictureThe name of the pictureThe name of the pictureClash Royale CLAN TAG#URR8PPP











up vote
4
down vote

favorite












MACsec (IEEE 802.1ae) adds a security tag to an Ethernet frame and encrypts the IEEE 802.1Q field, the EtherType and the payload field.



If you want to use VLAN, you need the 802.1Q field to announce the VLAN ID. The EtherType is usually set to 0x8100.



However, both MACsec and VLAN use an unique EtherType. As far as I undertand, the security tag introduced by MACsec uses an own EtherType. Is it possible to use MACsec and VLAN in parallel?










share|improve this question







New contributor




null is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.























    up vote
    4
    down vote

    favorite












    MACsec (IEEE 802.1ae) adds a security tag to an Ethernet frame and encrypts the IEEE 802.1Q field, the EtherType and the payload field.



    If you want to use VLAN, you need the 802.1Q field to announce the VLAN ID. The EtherType is usually set to 0x8100.



    However, both MACsec and VLAN use an unique EtherType. As far as I undertand, the security tag introduced by MACsec uses an own EtherType. Is it possible to use MACsec and VLAN in parallel?










    share|improve this question







    New contributor




    null is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
    Check out our Code of Conduct.





















      up vote
      4
      down vote

      favorite









      up vote
      4
      down vote

      favorite











      MACsec (IEEE 802.1ae) adds a security tag to an Ethernet frame and encrypts the IEEE 802.1Q field, the EtherType and the payload field.



      If you want to use VLAN, you need the 802.1Q field to announce the VLAN ID. The EtherType is usually set to 0x8100.



      However, both MACsec and VLAN use an unique EtherType. As far as I undertand, the security tag introduced by MACsec uses an own EtherType. Is it possible to use MACsec and VLAN in parallel?










      share|improve this question







      New contributor




      null is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.











      MACsec (IEEE 802.1ae) adds a security tag to an Ethernet frame and encrypts the IEEE 802.1Q field, the EtherType and the payload field.



      If you want to use VLAN, you need the 802.1Q field to announce the VLAN ID. The EtherType is usually set to 0x8100.



      However, both MACsec and VLAN use an unique EtherType. As far as I undertand, the security tag introduced by MACsec uses an own EtherType. Is it possible to use MACsec and VLAN in parallel?







      ethernet security mac






      share|improve this question







      New contributor




      null is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.











      share|improve this question







      New contributor




      null is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.









      share|improve this question




      share|improve this question






      New contributor




      null is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.









      asked 3 hours ago









      null

      1212




      1212




      New contributor




      null is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.





      New contributor





      null is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.






      null is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.




















          1 Answer
          1






          active

          oldest

          votes

















          up vote
          3
          down vote













          Welcome to Network Engineering! There is no standard for MACSec and 802.1Q, so manufacturers have come up with their own solutions. Cisco calls it "WAN MACSec," and does it this way:




          The WAN MACsec offering is standards based but offers additional
          capabilities not found in earlier MACsec capabilities. More
          specifically, MACsec can be leveraged by enterprise customers over
          public carrier Ethernet offerings, allowing customers to adapt to the
          public carrier Ethernet service offering and capabilities (or
          restrictions).



          New enhancements for WAN MACsec include:



          1. 802.1Q Tag in the Clear


          2. Standard IEEE 802.1X-rev MACsec Key Agreement


          3. Integrated MACsec authentication adaptability over public Carrier Ethernet transport


          4. 802.1Q Tag in the Clear


          This enhancement offers the ability to expose the 802.1Q tag outside
          the encrypted MACsec header. Exposing this field offers a multitude of
          design options with MACsec, and in some cases of public Carrier
          Ethernet transport providers, is necessary for leveraging certain
          transport services (see use case section).




          https://www.cisco.com/c/en/us/products/collateral/ios-nx-os-software/identity-based-networking-services/white-paper-c11-737544.html






          share|improve this answer




















            Your Answer








            StackExchange.ready(function()
            var channelOptions =
            tags: "".split(" "),
            id: "496"
            ;
            initTagRenderer("".split(" "), "".split(" "), channelOptions);

            StackExchange.using("externalEditor", function()
            // Have to fire editor after snippets, if snippets enabled
            if (StackExchange.settings.snippets.snippetsEnabled)
            StackExchange.using("snippets", function()
            createEditor();
            );

            else
            createEditor();

            );

            function createEditor()
            StackExchange.prepareEditor(
            heartbeatType: 'answer',
            convertImagesToLinks: false,
            noModals: true,
            showLowRepImageUploadWarning: true,
            reputationToPostImages: null,
            bindNavPrevention: true,
            postfix: "",
            imageUploader:
            brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
            contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
            allowUrls: true
            ,
            noCode: true, onDemand: true,
            discardSelector: ".discard-answer"
            ,immediatelyShowMarkdownHelp:true
            );



            );






            null is a new contributor. Be nice, and check out our Code of Conduct.









             

            draft saved


            draft discarded


















            StackExchange.ready(
            function ()
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fnetworkengineering.stackexchange.com%2fquestions%2f54547%2frun-macsec-and-vlan-in-parallel%23new-answer', 'question_page');

            );

            Post as a guest






























            1 Answer
            1






            active

            oldest

            votes








            1 Answer
            1






            active

            oldest

            votes









            active

            oldest

            votes






            active

            oldest

            votes








            up vote
            3
            down vote













            Welcome to Network Engineering! There is no standard for MACSec and 802.1Q, so manufacturers have come up with their own solutions. Cisco calls it "WAN MACSec," and does it this way:




            The WAN MACsec offering is standards based but offers additional
            capabilities not found in earlier MACsec capabilities. More
            specifically, MACsec can be leveraged by enterprise customers over
            public carrier Ethernet offerings, allowing customers to adapt to the
            public carrier Ethernet service offering and capabilities (or
            restrictions).



            New enhancements for WAN MACsec include:



            1. 802.1Q Tag in the Clear


            2. Standard IEEE 802.1X-rev MACsec Key Agreement


            3. Integrated MACsec authentication adaptability over public Carrier Ethernet transport


            4. 802.1Q Tag in the Clear


            This enhancement offers the ability to expose the 802.1Q tag outside
            the encrypted MACsec header. Exposing this field offers a multitude of
            design options with MACsec, and in some cases of public Carrier
            Ethernet transport providers, is necessary for leveraging certain
            transport services (see use case section).




            https://www.cisco.com/c/en/us/products/collateral/ios-nx-os-software/identity-based-networking-services/white-paper-c11-737544.html






            share|improve this answer
























              up vote
              3
              down vote













              Welcome to Network Engineering! There is no standard for MACSec and 802.1Q, so manufacturers have come up with their own solutions. Cisco calls it "WAN MACSec," and does it this way:




              The WAN MACsec offering is standards based but offers additional
              capabilities not found in earlier MACsec capabilities. More
              specifically, MACsec can be leveraged by enterprise customers over
              public carrier Ethernet offerings, allowing customers to adapt to the
              public carrier Ethernet service offering and capabilities (or
              restrictions).



              New enhancements for WAN MACsec include:



              1. 802.1Q Tag in the Clear


              2. Standard IEEE 802.1X-rev MACsec Key Agreement


              3. Integrated MACsec authentication adaptability over public Carrier Ethernet transport


              4. 802.1Q Tag in the Clear


              This enhancement offers the ability to expose the 802.1Q tag outside
              the encrypted MACsec header. Exposing this field offers a multitude of
              design options with MACsec, and in some cases of public Carrier
              Ethernet transport providers, is necessary for leveraging certain
              transport services (see use case section).




              https://www.cisco.com/c/en/us/products/collateral/ios-nx-os-software/identity-based-networking-services/white-paper-c11-737544.html






              share|improve this answer






















                up vote
                3
                down vote










                up vote
                3
                down vote









                Welcome to Network Engineering! There is no standard for MACSec and 802.1Q, so manufacturers have come up with their own solutions. Cisco calls it "WAN MACSec," and does it this way:




                The WAN MACsec offering is standards based but offers additional
                capabilities not found in earlier MACsec capabilities. More
                specifically, MACsec can be leveraged by enterprise customers over
                public carrier Ethernet offerings, allowing customers to adapt to the
                public carrier Ethernet service offering and capabilities (or
                restrictions).



                New enhancements for WAN MACsec include:



                1. 802.1Q Tag in the Clear


                2. Standard IEEE 802.1X-rev MACsec Key Agreement


                3. Integrated MACsec authentication adaptability over public Carrier Ethernet transport


                4. 802.1Q Tag in the Clear


                This enhancement offers the ability to expose the 802.1Q tag outside
                the encrypted MACsec header. Exposing this field offers a multitude of
                design options with MACsec, and in some cases of public Carrier
                Ethernet transport providers, is necessary for leveraging certain
                transport services (see use case section).




                https://www.cisco.com/c/en/us/products/collateral/ios-nx-os-software/identity-based-networking-services/white-paper-c11-737544.html






                share|improve this answer












                Welcome to Network Engineering! There is no standard for MACSec and 802.1Q, so manufacturers have come up with their own solutions. Cisco calls it "WAN MACSec," and does it this way:




                The WAN MACsec offering is standards based but offers additional
                capabilities not found in earlier MACsec capabilities. More
                specifically, MACsec can be leveraged by enterprise customers over
                public carrier Ethernet offerings, allowing customers to adapt to the
                public carrier Ethernet service offering and capabilities (or
                restrictions).



                New enhancements for WAN MACsec include:



                1. 802.1Q Tag in the Clear


                2. Standard IEEE 802.1X-rev MACsec Key Agreement


                3. Integrated MACsec authentication adaptability over public Carrier Ethernet transport


                4. 802.1Q Tag in the Clear


                This enhancement offers the ability to expose the 802.1Q tag outside
                the encrypted MACsec header. Exposing this field offers a multitude of
                design options with MACsec, and in some cases of public Carrier
                Ethernet transport providers, is necessary for leveraging certain
                transport services (see use case section).




                https://www.cisco.com/c/en/us/products/collateral/ios-nx-os-software/identity-based-networking-services/white-paper-c11-737544.html







                share|improve this answer












                share|improve this answer



                share|improve this answer










                answered 3 hours ago









                Ron Trunk

                32.7k22869




                32.7k22869




















                    null is a new contributor. Be nice, and check out our Code of Conduct.









                     

                    draft saved


                    draft discarded


















                    null is a new contributor. Be nice, and check out our Code of Conduct.












                    null is a new contributor. Be nice, and check out our Code of Conduct.











                    null is a new contributor. Be nice, and check out our Code of Conduct.













                     


                    draft saved


                    draft discarded














                    StackExchange.ready(
                    function ()
                    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fnetworkengineering.stackexchange.com%2fquestions%2f54547%2frun-macsec-and-vlan-in-parallel%23new-answer', 'question_page');

                    );

                    Post as a guest













































































                    Comments

                    Popular posts from this blog

                    What does second last employer means? [closed]

                    Installing NextGIS Connect into QGIS 3?

                    One-line joke