|
|
27Ìâ´ð°¸²»¶Ô. ÎÒµ±Ê±Ñ¡µÄC.5 i% J M6 @; r; j/ p/ X+ x7 E
https://www.cisco.com/c/en/us/td ... 50xcg/swmacsec.html
# C4 H5 {4 M1 Z/ eUnderstanding Media Access Control Security and MACsec Key Agreement
' ^+ z! y* d$ A3 u. _1 W; MMACsec, defined in 802.1AE, provides MAC-layer encryption over wired networks by using out-of-band methods for encryption keying. The MACsec Key Agreement (MKA) Protocol provides the required session keys and manages the required encryption keys. MKA and MACsec are implemented after successful authentication using the 802.1x Extensible Authentication Protocol (EAP) framework. Only host facing links (links between network access devices and endpoint devices such as a PC or IP phone) can be secured using MACsec.
6 d5 |1 V% E7 `# N S. ^' \# J
8 w* l# \+ U' ~# uÓÐÐÄ˼µÄ¿ÉÒԲο¼ÏÂÃæµÄÄÚÈÝ×Ô¼º·ÖÎöÏÂ:+ G |" g/ V/ K$ g4 t
When the switch receives frames from the client, it decrypts them and calculates the correct ICV by using session keys provided by MKA.
; q2 L- g. S4 }
4 `* F% M& s/ i, ~2 S8 phttps://www.cisco.com/c/en/us/td ... 50xcg/swmacsec.html
: r, M- o# e1 c/ S1 ]+ @( x
" s& N( z( \ M$ x. Z5 x
* @ v3 T. Y+ d" q& Q- w+ eMACsec is the IEEE 802.1AE standard for authenticating and encrypting packets between two MACsec-capable devices. The Catalyst 4500 series switch supports 802.1AE encryption with MACsec Key Agreement (MKA) on downlink ports for encryption between the switch and host devices.
9 c% Q- j T: w2 d1 C# x: @' I
9 p( M- v3 _. r5 R u7 m4 ]https://www.cisco.com/c/en/us/td ... onfig/swmacsec.html
% K' c, E1 `3 t |
10#
2019-11-30 20:15:17
»Ø¸´(0)
ÊÕÆð»Ø¸´
|
¼òÌåÖÐÎÄ
Ó¢Óï
ÈÕÓï
º«Óï
·¨Óï
Î÷°àÑÀÓï
Ô½ÄÏÓï
Ì©Óï
°¢À²®Óï
¶íÓï
ÆÏÌÑÑÀÓï
µÂÓï
Òâ´óÀûÓï
Ï£À°Óï
ºÉÀ¼Óï
²¨À¼Óï
±£¼ÓÀûÑÇÓï
°®É³ÄáÑÇÓï
µ¤ÂóÓï
·ÒÀ¼Óï
½Ý¿ËÓï
ÂÞÂíÄáÑÇÓï
˹ÂåÎÄÄáÑÇÓï
ÈðµäÓï
ÐÙÑÀÀûÓï
·±ÌåÖÐÎÄ
ÎÄÑÔÎÄ
·¢±íÓÚ 2019-11-29 23:16:05
Öö¥¿¨
ÐúÏù¿¨
±äÉ«¿¨
ǧ½ï¶¥
成长值: 41545
ÕâÌ×Ìâ¿â¸²¸ÇÂÊÔõôÑù£¿
Â¥Ö÷