IEEE 802.1AEcg-2017

$91.00

IEEE Standard for Local and metropolitan area networks–Media Access Control (MAC) Security – Amendment 3: Ethernet Data Encryption devices

Published By: IEEE
Publication Date: 2017
Amendment Standard – Superseded. Ethernet Data Encryption devices (EDEs) are specified in this amendment. An EDE is a two-port bridge that uses MACsec to provide secure connectivity for attached customer bridges, or for attached provider bridges. EDEs may allow the customer (or provider) bridges to continue to use a VLAN Identifier (VID) in transmitted frames to select

PDF Catalog

PDF Pages PDF Title
1 IEEE Std 802.1AEcg-2017 Front cover
2 Title page
4 Important Notices and Disclaimers Concerning IEEE Standards Documents
7 Participants
9 Introduction
10 Contents
13 Figures
14 Tables
16 1. Overview
1.2 Scope
17 2. Normative references
19 3. Definitions
21 4. Abbreviations and acronyms
22 5. Conformance
5.1 Requirements terminology
23 5.2 Protocol Implementation Conformance Statement (PICS)
5.3 Required capabilities MAC Security Entity requirements
24 5.4 Optional capabilities MAC Security Entity options
25 5.5 EDE conformance
5.6 EDE-M conformance
26 5.7 EDE-CS conformance
5.8 EDE-CC conformance
5.9 EDE-SS conformance
27 6. Secure provision of the MAC Service
6.1 MAC Service primitives and parameters
6.2 MAC Service connectivity
28 6.4 MAC status parameters
6.5 MAC point-to-point parameters
6.10 Quality of service maintenance
30 7. Principles of secure network operation
7.1 Support of the secure MAC Service by an individual LAN
7.1.2 Secure Channel (SC)
7.1.3 Secure Association (SA)
31 Figure 7-7—Secure Channel and Secure Association Identifiers
7.3 Use of the secure MAC Service
7.3.1 Client policies
32 7.3.2 Use of the secure MAC Service by bridges
33 8. MAC Security Protocol (MACsec)
8.1.1 Security requirements
8.2.1 SC identification requirements
8.2.5 Authentication requirements
8.2.6 Authorization requirements
8.3 MACsec operation
35 9. Encoding of MACsec protocol data units
9.9 Secure Channel Identifier (SCI)
36 10. Principles of MAC Security Entity (SecY) operation
10.1 SecY overview
10.2 SecY functions
37 10.4 SecY architecture
Figure 10-4—Management controls and counters for secure frame generation
10.5 Secure frame generation
38 10.5.1 Transmit SA assignment
39 Figure 10-5—Management controls and counters for secure frame verification
40 10.5.3 SecTAG encoding
41 10.6 Secure frame verification
10.6.1 Receive SA assignment
42 10.7 SecY management
44 Figure 10-6—SecY managed objects
45 10.7.1 SCI
10.7.4 Controlled Port status
10.7.6 Controlled Port statistics
46 10.7.8 Frame verification controls
10.7.9 Frame verification statistics
47 10.7.14 Receive SA status
10.7.16 Frame generation capabilities
10.7.17 Frame generation controls
49 10.7.18 Frame generation statistics
10.7.20 Transmit SC creation
50 10.7.21 Transmit SC status
10.7.22 Transmit SA creation
10.7.23 Transmit SA status
51 10.7.25 Implemented Cipher Suites
52 10.7.26 SecY Cipher Suite use
10.7.28 SAK creation
53 11. MAC Security in Systems
11.1 MAC Service interface stacks
11.3 MACsec in MAC Bridges
Figure 11-4—MACsec in a VLAN-unaware MAC Bridge
54 Figure 11-5—VLAN-unaware MAC Bridge Port with MACsec
11.4 MACsec in VLAN-aware Bridges
Figure 11-6—Addition of MAC Security to a VLAN-aware MAC Bridge
11.8 MACsec and multi-access LANs
55 Figure 11-15—An example multi-access LAN
56 13. Management protocol MAC Security Entity MIB
13.1 Introduction
13.4 Security considerations
57 13.5 Structure of the MIB module
63 13.6 Definitions for MAC Security Entity (SecY) MIB definitions
101 14. Encoding of MACsec protocol data units
14.5 Default Cipher Suite (GCM–AES–128)
14.6 GCM-AES-256
102 15. Ethernet Data Encryption devices
15.1 EDE characteristics
103 15.2 Securing LANs with EDE-Ms
Figure 15-1—EDE-Ms connected by a point-to-point LAN
104 Figure 15-2—EDE-Ms securing a point-to-point LAN between Provider Bridges
105 15.3 Securing connectivity across PBNs
Figure 15-3—MACsec protected frame traversing a PBN
106 15.4 Securing PBN connectivity with an EDE-M
Figure 15-4—EDE-Ms securing point-to-point LAN connectivity across a PBN
107 Figure 15-5—EDE-Ms securing multi-point PBN connectivity
15.5 Securing PBN connectivity with an EDE-CS
108 Figure 15-6—Example of a network with an EDE-CS
109 Figure 15-7—EDE-CS connected to a PBN S-tagged interface
15.6 Securing PBN connectivity with an EDE-CC
111 Figure 15-9—EDE-CC architecture
112 15.7 Securing PBN connectivity with an EDE-SS
15.8 EDE Interoperability
113 15.9 EDEs, CFM, and UNI Access
115 16. Using MIB modules to manage EDEs
16.1 Security considerations
16.2 EDE-M Management
16.3 EDE-CS Management
16.4 EDE-CC and EDE-SS Management
117 Annex A (normative) PICS Proforma
A.5 Major capabilities
119 A.9 Secure Frame Verification
123 A.12 Additional fully conformant Cipher Suite capabilities
124 A.13 Additional variant Cipher Suite capabilities
126 Annex B (informative) Bibliography
128 Annex D (normative) PICS Proforma for an Ethernet Data Encryption device
D.1 Introduction
D.2 Abbreviations and special symbols
D.2.1 Status symbols
D.2.2 General abbreviations
129 D.3 Instructions for completing the PICS proforma
D.3.1 General structure of the PICS proforma
D.3.2 Additional information
D.3.3 Exception information
130 D.3.4 Conditional status
D.3.4.1 Conditional items
D.3.4.2 Predicates
131 D.4 PICS proforma for IEEE Std 802.1AE EDE
D.4.1 Implementation identification
D.4.2 Protocol summary, IEEE Std 802.1AE EDE
132 D.5 EDE type and common requirements
133 D.6 EDE-M Configuration
D.7 EDE-CS Configuration
134 D.8 EDE-CC Configuration
D.9 EDE-SS Configuration
135 Annex E (informative) MKA operation for multiple transmit SCs
137 Annex F (informative) EDE Interoperability and PAE addresses
140 Annex G (informative) Management and MIB revisions
141 G.1 Counter changes
142 G.2 Available Cipher Suites
143 Back cover