Media Access Control (MAC) Security (MACSEC or MACsec), defined in the IEEE 802.1AE standard, is a connectionless secure communication protocol that was initially defined for point-to-point security between two devices. Over time, usage of MACSEC has been extended to provide end-to-end encryption across a third-party network using tunnels, bridges, and labels. Today, transporting MACSEC packets across third-party networks requires at least two devices or boxes. The first box encrypts the packet with and the second box tunnels the packet through the network.
The security information is inserted in the packet immediately following the destination address/source address (DA/SA) fields, and all of the lower-level packet information is hidden from the network that is forwarding the packets. This means that the routing or switching equipment in the network cannot determine the priority of the packet without decrypting the packet or looking for clear text after the MACSEC security information.
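The visibility problem described above can be shown from the point of view of a forwarding device that holds no key. This is an added example, not code from the original text: the function names and the sample frames are hypothetical and constructed, and the SecTAG layout (EtherType 0x88E5, TCI/AN, SL, PN, optional SCI) follows IEEE 802.1AE.

```python
import struct

ETH_VLAN = 0x8100      # 802.1Q tag, carries the 3-bit priority (PCP)
ETH_MACSEC = 0x88E5    # EtherType that opens the 802.1AE SecTAG
TCI_SC, TCI_E, TCI_C = 0x20, 0x08, 0x04   # SecTAG TCI bits: SCI present, Encrypted, Changed text


def pcp_at(frame, off):
    """Return the 802.1Q PCP if a VLAN tag starts at off, else None."""
    if len(frame) < off + 4:
        return None
    etype, tci = struct.unpack_from("!HH", frame, off)
    return tci >> 13 if etype == ETH_VLAN else None


def visible_priority(frame):
    """Return (kind, pcp) as seen by a device without keys; pcp is None if unreadable."""
    if len(frame) < 14:                        # DA (6) + SA (6) + EtherType (2)
        raise ValueError("truncated frame")
    (etype,) = struct.unpack_from("!H", frame, 12)
    if etype != ETH_MACSEC:
        return "clear", pcp_at(frame, 12)
    if len(frame) < 20:
        raise ValueError("truncated SecTAG")
    tci_an = frame[14]
    # SecTAG = EtherType(2) + TCI/AN(1) + SL(1) + PN(4) [+ SCI(8) if SC bit set]
    sectag_len = 8 + (8 if tci_an & TCI_SC else 0)
    if tci_an & (TCI_E | TCI_C):
        return "macsec-opaque", None           # user data is encrypted or otherwise altered
    return "macsec-cleartext", pcp_at(frame, 12 + sectag_len)


# Constructed sample frames (addresses, "ciphertext" and ICV are made-up bytes).
DA, SA = bytes.fromhex("020000000002"), bytes.fromhex("020000000001")
INNER = struct.pack("!HHH", ETH_VLAN, (5 << 13) | 100, 0x0800) + b"\x45" * 20
SCI, ICV = SA + b"\x00\x01", b"\x00" * 16


def sectag(tci_an):
    # SL = 0, PN = 1, explicit SCI appended (callers always set the SC bit here)
    return struct.pack("!HBBI", ETH_MACSEC, tci_an, 0, 1) + SCI


PLAIN = DA + SA + INNER
INTEGRITY_ONLY = DA + SA + sectag(TCI_SC) + INNER + ICV
ENCRYPTED = DA + SA + sectag(TCI_SC | TCI_E | TCI_C) + b"\xa7" * len(INNER) + ICV
```

The same priority-5 VLAN tag is readable in the untagged and integrity-only frames but not in the encrypted one, which is the case where forwarding equipment has nothing to base a priority decision on.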