MACsec
MACsec (Media Access Control Security) is an 802.1AE (Layer 2) VPN protocol that can be used to create a secure MACsec tunnel over a wired Ethernet LAN. MACsec uses keys to provide multiple authentications between hosts in a network.
A MACsec tunnel must be tied to a physical interface. You cannot create a MACsec tunnel for a bridge.
Security modes
Two security modes are available for a MACsec tunnel.
- Automatic: Uses a pre-shared key to generate association key information, which is periodically rotated using 802.1X.
- Manual: Uses connectivity association key information that is manually entered in the CAK and CKN fields.