MacSec

 

Media access Control security or Macsec is a layer 2 network traffic protection

Just like IPsec protects network layer, and SSL protects application data, MACSec protects traffic at data link layer (Layer 2).Media Access Control security (MACsec) is a protocol that  provides point-to-point security on Ethernet links. MACsec is defined by IEEE standard 802.1AE.

 You can use MACsec in combination with other security protocols, such as IP Security (IPsec) and Secure Sockets Layer (SSL), to provide end-to-end network security..It also provides integrity and confidentiality over wireless traffic.

Mac sec is the wired equivalent to WPA , WPA2,better than IPSec, and had 128-bit AES-GCM encryption. Traffic is only encrypted between MACsec peers, and allow padeep packet inspection. When the traffic is processed Internally on a switch,the traffic is unencrypted.

MACsec Key Agreement (MKA) is a protocol that provides compatible authentication, authorization and cryptographic key agreement mechanism to support secure communication between devices connected to LAN. MKA is based on IEEE 802.1XREV-2010 specification EAPoL (Extensible Authentication Protocol over LAN) and implemented as a message type extension.

MKA uses the Connectivity Association Key to derive transient session keys called Secure Association Keys (SAKs). SAKs and other MKA parameters are required to sustain communication over the secure channel and to perform encryption and other MACsec security functions

First  of all, let s get straight some terms:

You can use MacSec with TrustSec.MacSec brings integrity and encryption and TrustSec brings authentication piece for the complete security combo