Special Thanks

Tim Glen · ‎07-20-2021

This is the first in a series of documents I'm writing on MACsec. As the configuration will become increasingly complex, I encourage you to read them in order. I also encourage you to Click Helpful, if this is helpful or to comment if you have questions or concerns!

Special Thanks

A few folks at Cisco supported me and helped me with these documents. Here is a special 'thank you' Hitesh Maisheri & T.V. Yeswanth Reddy for their help and guidance, I would not have been able to do this without their help.

History

MACsec is IEEE standard 802.1AE. It was developed by the IEEE to compliment the 802.1X-2004 standard. MACsec was developed to allow authorized systems to connect and then encrypt data that is transmitted across the wire and to keep a man-in-the-middle from being able to insert frames on to the wire. MACsec does not authorize the systems connecting to the network, it enables those systems to encrypt traffic destined for the network. MACsec is for use on wired networks only.

MACsec has been an industry standard since 2006 when the IEEE published the 802.1AE-2006 document and has been in Cisco solutions for at least 10 years. The first evidence I’ve found of Cisco supporting MACsec is from March 2010 on 3650-X & 3750-X switches. There have been several revisions to the IEEE 802.1AE standard over the years and similarly, Cisco has enhanced their support of MACsec in LAN and WAN products.

MACsec is an L2 encryption method that occurs at the switch port PHY. It has always used the Galois Counter Mode implementation of AES which allows it to operate at line speed. The 2006 standard called for using GCM-AES-128 bit, newer IEEE support both GCM-AES-128 & 256-bit keys. GCM is an authenticated encryption algorithm and provides data authenticity and confidentiality. GCM is required in order to perform line-rate encryption at 1Gb, 10 Gb, 100Gb, or 400Gb. GCM is able to achieve this performance due to its use of parallel processing. Because it operates at Layer two it encrypts STP, CDP, and other layer 2 protocols.

Cisco Support

MACsec is supported in almost all Cisco ethernet solutions from ISR, ASR, Cat 8k, and Cat 9k. Support varies in each product line so reading the Release Notes and \ or Data Sheets is important.

In the past, Cisco supported MACsec with SAP. SAP is a proprietary implementation and has many limitations that MKA overcomes. SAP may still be supported in some current platforms; however, we recommend using MKA in any new implementation.

Cisco AnyConnect has had MACsec support for quite some time, I’ve seen documents showing MACsec support in AnyConnect version 3.1 so that should give you some confidence that this is also a tried and true solution.

Cisco’s implementation of MACsec creates a clear line between control plane operations and data plane operations. MACsec Key Agreement (MKA) occurs in the control plane while MACsec encryption occurs on the data plane, other documents will elaborate on control plane vs data plane operations.

Terminology

In these documents you will see me use acronyms like GCM, CBC, AES, MKA, SAK, CAK, and a lot of others; these docs are not a deep dive into cryptography, the purpose is to understand how to implement MACsec into your network. With that said I will provide a comprehensive dictionary of terms for visibility.

Note: these are in Alphabetical Order

Note: Not all of these terms may be used in my documents, those that are not are being provided for completeness.

AN – Association Number – a number that is concatenated with a MACsec SCI to identify a Security Association (SA).

Authentication Server – a trusted server, in this case, a RADIUS server, preferably Cisco Identity Solutions Engine, that can receive and respond to requests for network access.

Authenticator – network device that can allow or block a data link between a client entity and a network.

CA – Secure Connectivity Association – a security relationship between MACsec devices. There are two types of CA, pairwise CA has two members and group CA which have more than two.

CAK – Connectivity Association Key – used by MKA to derive a transient session key called the SAK

CKN – Connectivity Key Name – used as a container for storing the CAK. CKN is transmitted across the wire in clear text to the peer to assist the peer in validating the CAK

EAP – Extensible Authentication Protocol – an authentication framework that is frequently found in wired and wireless networks. EAP clients are typically called Supplicants. EAP requests are sent to Servers which are typically called Authentication Server through an Authenticator. Supplicants and Authenticators are referred to as PAEs in this framework.

EAPoL – Extensible Authentication Protocol over LAN – a network port authentication protocol used in IEEE 802.1X.

EAPoL PDU – an insecure announcement that carries MACsec cipher suite capabilities. These announcements are used to decide the width of the key used for MKA.

ICK – Integrity Check Key – used to authenticate messages from other members in the same CA.

ICV – Integrity Check Value – protects the source and destination MAC addresses and all the fields of the MPDU

KDF – Key Derivation Function – a cryptographic hash function that derives one or more secret keys from a secret value. Cisco’s implementation of MACsec uses KDFs that are defined in NIST SP800-108.

KEK – Key Encrypting Key – this is used to protect the SAK when the key server distributes it to the members

KS – Key Server – distributes common keying material between the link-local peers. Generates SAK from CAK. Selects and advertises a cipher suite. Key server role can be dynamic, provides for redundancy and reliability.

Master key – a secret key that is used to derive one or more cryptographic keys that are used to protect data transfer

MI – Member Identifier – part of a value pair used in MKA messages

MN – Member Number – a counter used in MKA messages that provides replay protection.

MKA – MACsec Key Agreement – defined in IEEE 802.1X-REV2010 as a key agreement protocol. MKA discovers MACsec peers, negotiates keys, provides session keys, and manages encryption keys.

MKPDU – MACsec Protocol Data Unit – a secure announcement EAPoL to revalidate cipher suite capabilities.

MPDU – see MKPDU

MSK – Master Session Key – generated during EAP exchange. Supplicant and authentication server uses the MSK to generate the CAK and CKN. MSK is not used when MKA Pre-Shared-Key is configured.

NAM - Network Access Manager - an add on module for Cisco AnyConnect, this module acts as an 802.1x supplicant and also enables software MACsec encryption

nonce – a non-repeating value, such as a counter, used in key management and KDFs protocols to thwart replay and other types of attacks

PAE – Port Access Entity – defines a port type, port types are supplicant, authenticator, or both.

PN – Packet Number – asdf

RNG – Random Number Generator – used frequently and in multiple ways for generating and protecting keys. Cisco’s implementation of MACsec use RNGs that are defined in NIST SP800-108.

SA – Secure Association – a relationship between two devices that guarantee frames transmitted between the devices will be secured by the SAK

SAK – Secure Association Key – a key derived from the CAK and used to encrypt data sent between devices

SC – Secure Channel – each SC is identified by a Secure Channel Identifier that comprises a MAC address and a Port Identifier that is unique within the system.

SCI – Secure Channel Identifier – a concatenation of the MAC Address and the Virtual Port ID. Virtual Port ID can be determined from the IF-ID column.

Cat9200# show platform software fed switch 1 ifm interfaces eth

SecY – any device within a system that operates the MACsec security protocol

Supplicant – a client entity that desires to connect to a network. Can also be software that is on a client entity that provides credentials to an authenticator.

Finally

MACsec is not a replacement for IPsec, it should be considered another tool in the Network Architect’s tool belt. IPsec secures TCP\IP packets at layer 3, MACsec works on ethernet frames at layer 2. This allows MACsec to secure Multicast, ARP, DHCP, STP, DTP, VTP, and other layer 2 protocols that IPsec cannot secure. On the flip side, IPsec can work across routers and firewalls and MACsec is not able to.