Sabrina Dubroca

Recent Posts

What’s new in MACsec: setting up MACsec using wpa_supplicant and (optionally) NetworkManager

A few months ago, on this blog, we talked about MACsec. In this post, I want to introduce the work we’ve done since then. Since that work revolves around methods to configure MACsec, this will also act as a guide to configure it by two methods: wpa_supplicant alone, or NetworkManager with wpa_supplicant.

If you read the previous MACsec post, you probably thought that this whole business of generating keys and creating “secure associations” isn’t very convenient, especially given that you then have to monitor your associations and generate new keys manually. And you’re right: it’s not.

Besides, if you run RHEL or Fedora, you’re probably used to configuring your network with NetworkManager, so you would expect to be able to configure MACsec with NetworkManager as well. We’re going to describe this below. First, let’s go a little bit behind the scenes.

Continue reading “What’s new in MACsec: setting up MACsec using wpa_supplicant and (optionally) NetworkManager”


MACsec: a different solution to encrypt network traffic

MACsec is an IEEE standard for security in wired ethernet LANs. This blog , will give an overview of what MACsec is, how it differs from other security standards, and present some ideas about how it can be used.

  • MACsec is a Layer 2 protocol that relies on GCM-AES-128 to offer integrity and confidentiality, and operates over ethernet.
  • It can secure all traffic within a LAN, including DHCP and ARP, as well as traffic from higher layer protocols.
  • It is an  extension to 802.1X provides secure key exchange and mutual authentication for MACsec nodes.
  • IPsec (a Layer 3 security protocol) and TLS (a Layer 4 security protocol) offer different guarantees and can be a better fit, depending on the use case.

Continue reading “MACsec: a different solution to encrypt network traffic”