![]() ![]() On top of this, we want to have additional security at Layer 2 between the two Linux hosts, hence MACsec is the suitable option here. ![]() I won’t discuss how to set up the L2VPN as we already did this several times, one example being L2circuit for L2 protocol tunneling. This is the topology that is being used to demonstrate most of the implementation of MACsec on Linux and the purpose is to have connectivity between the two hosts using MACsec.īetween the two hosts there is a L2VPN that is provided by the QFX10K switches. use dot1x with MACsec extensions that allows dynamic discovery of MACsec peers, SA and SC setup, key generation and distribution.manually configure secure channel(SC), security association(SA) and the keys(this is what we are going to see).Starting with kernel 4.6, support for MACsec has been added in Linux so it won’t be needed to use a release candidate to test this feature.
0 Comments
Leave a Reply. |