MACsec on CentOS 7

MACsec (Media Access Control Security, IEEE 802.1AE) provides point-to-point encryption (AES-GCM-128 by default) of Ethernet traffic. MACsec support is included from kernel 4.6 or in CentOS/RHEL 7.


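HOST A:
# bb:bb:bb:bb:bb:bb stands for HOST B's eth1 MAC address; the 32-hex-digit keys are placeholders.
# encrypt on: without it the Linux macsec driver only authenticates frames (its default is encrypt off).
ip link add link eth1 macsec0 type macsec encrypt on
# Transmit SA 0: key id 01, 128-bit key
ip macsec add macsec0 tx sa 0 pn 1 on key 01 11111111111111111111111111111111
# Receive channel and SA for the peer: must use the peer's transmit key (id 02)
ip macsec add macsec0 rx address bb:bb:bb:bb:bb:bb port 1
ip macsec add macsec0 rx address bb:bb:bb:bb:bb:bb port 1 sa 0 pn 100 on key 02 22222222222222222222222222222222
ip link set dev macsec0 up
ip address add 172.16.16.1/24 dev macsec0

HOST B:
# Mirror of HOST A: aa:aa:aa:aa:aa:aa stands for HOST A's eth1 MAC address, and the tx/rx keys are swapped.
ip link add link eth1 macsec0 type macsec encrypt on
ip macsec add macsec0 tx sa 0 pn 1 on key 02 22222222222222222222222222222222
ip macsec add macsec0 rx address aa:aa:aa:aa:aa:aa port 1
ip macsec add macsec0 rx address aa:aa:aa:aa:aa:aa port 1 sa 0 pn 100 on key 01 11111111111111111111111111111111
ip link set dev macsec0 up
ip address add 172.16.16.2/24 dev macsec0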
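
An added example, not part of the original gist: a shell helper that prints the same command set for both hosts with a freshly generated 128-bit key per direction instead of the fixed placeholder keys, and with `encrypt on` set explicitly. The function names (`gen_key`, `valid_mac`, `valid_key`, `macsec_cmds`, `print_pair`) are hypothetical; the interface, port, `pn` values and IP addresses are carried over from the commands above.

```shell
#!/bin/sh
# Added example (not the author's code): emit the MACsec commands for each host.
# Interface name, port, pn values and addresses mirror the page; keys are generated.

# 128-bit key as 32 hex characters, read from the kernel CSPRNG.
gen_key() {
    od -An -tx1 -N16 /dev/urandom | tr -d ' \n'
}

# Succeeds only for a colon-separated 48-bit MAC address.
valid_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# Succeeds only for exactly 32 hex characters (a GCM-AES-128 key).
valid_key() {
    printf '%s\n' "$1" | grep -Eq '^[0-9A-Fa-f]{32}$'
}

# macsec_cmds PEER_MAC TX_KEYID TX_KEY RX_KEYID RX_KEY LOCAL_CIDR
# Only prints the commands, so they can be reviewed before being run as root.
macsec_cmds() {
    peer=$1 txid=$2 txkey=$3 rxid=$4 rxkey=$5 cidr=$6
    valid_mac "$peer" || { echo "bad peer MAC: $peer" >&2; return 1; }
    valid_key "$txkey" && valid_key "$rxkey" || { echo "key must be 32 hex chars" >&2; return 1; }
    cat <<EOF
ip link add link eth1 macsec0 type macsec encrypt on
ip macsec add macsec0 tx sa 0 pn 1 on key $txid $txkey
ip macsec add macsec0 rx address $peer port 1
ip macsec add macsec0 rx address $peer port 1 sa 0 pn 100 on key $rxid $rxkey
ip link set dev macsec0 up
ip address add $cidr dev macsec0
EOF
}

# print_pair MAC_A MAC_B: one fresh key per direction, mirrored on both hosts
# (A's tx key is B's rx key and vice versa).
print_pair() {
    k1=$(gen_key); k2=$(gen_key)
    echo "# HOST A"; macsec_cmds "$2" 01 "$k1" 02 "$k2" 172.16.16.1/24 || return 1
    echo "# HOST B"; macsec_cmds "$1" 02 "$k2" 01 "$k1" 172.16.16.2/24
}
```

Generate new keys whenever the SAs are re-created: GCM-AES builds its nonce from the SCI and the packet number, so restarting at `pn 1` under an old key repeats nonces. `ip macsec show` on each host displays the configured SAs and their counters.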
