This technology relates to extending the IEEE MACSec standard 802.1AE, which specifies a security solution for layer 2. MACSec provides port-based network access control to regulate access to the network and allow only authenticated devices on the LAN; provides peer authentication, data integrity and confidentiality (encryption); and guards against transmission and reception by unidentified or unauthorized parties, and consequent network disruption, theft of service, or data loss. However, despite IEEE approval of the MACSec standard in 2006, practical application of the MACSec standard by the networking community has been slow. One reason for slow adoption has been the absence from the MACSec standard of important features such as key management.
Improvements to IEEE standard 802.1X (IEEE 802.1X-REV, IEEE 802.1X-2010) define client authentication, data integrity checking, and key management (creation, distribution, deletion, and renewal). The adoption of MACSec into IEEE standard 802.1X allows MACSec-enabled devices to encrypt data on each hop of the LAN to help completely secure the network.
Despite this marriage of MACSec with IEEE standard 802.1X, slow adoption of the MACSec standard has also resulted from incompatibility of MACSec with legacy devices, as discussed below in connection with FIG. 1. Such incompatibility worsens a tendency of the networking community to adopt advantageous technologies such as MACSec incrementally at best, owing to the enormous investment represented by legacy network infrastructure.