The present invention relates generally to security processing in communication networks and, more particularly, to processing media access control security for frames in communication networks that have tags and/or headers for use in a wide area network.
Local area networks may be interconnected through a wide area network. To facilitate transport in the wide area network, information may be added to frames in the local area networks or when frames enter the wide area network. For example, virtual local area network tags may be included in the frames or the frames may be encapsulated inside of multiprotocol label switching packets.
It may be advantageous to secure at least some communication in a network to avoid interception of information or disruption of network operations. Some information may be protected by encrypting the information at its source and decrypting it at its destination. Other information may be protected by inclusion of a check value or digital signature that allows a receiving device to verify that the information has not been altered since it was sent from a transmitting device. One protocol for increasing network security is Media Access Control (MAC) Security of IEEE Std. 802.1AE.
When frames with tags or headers for use in a wide area network are secured, the security measures may interfere with operations in the wide area network. Tags and headers that are encrypted may not be accessible by devices in the wide area network. Tags and headers that are secured by a check value may not be changed, for example, to update routing information, by devices in the wide area network because changes may invalidate check values and cause a receiving device to reject altered frames.
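The check-value failure described above, as an added example that is not part of the original text: a frame carries a virtual local area network tag inside the integrity-protected region, a wide area network device without the key rewrites the tag, and the receiver rejects the frame. Assumptions: HMAC-SHA-256 truncated to 16 bytes stands in for the integrity check value of IEEE Std. 802.1AE, and the key, addresses, simplified security tag and all function names are constructed for illustration.

```python
import hashlib
import hmac
import struct

KEY = b"constructed-demo-key"   # constructed; stands in for the shared MACsec key
ICV_LEN = 16                    # check value length assumed for this sketch
VLAN_TCI_OFFSET = 6 + 6 + 8 + 2  # DA + SA + simplified SecTAG + VLAN TPID

def icv(data: bytes) -> bytes:
    """Stand-in integrity check value (HMAC-SHA-256, truncated)."""
    return hmac.new(KEY, data, hashlib.sha256).digest()[:ICV_LEN]

def build_frame(vlan_id: int, payload: bytes, pn: int = 1) -> bytes:
    """Integrity-only frame whose VLAN tag lies inside the protected region."""
    da = bytes.fromhex("01005e000001")          # constructed addresses
    sa = bytes.fromhex("020000000001")
    # Simplified SecTAG: EtherType 0x88E5, TCI/AN, short length, packet number.
    sectag = struct.pack("!HBBI", 0x88E5, 0x00, 0, pn)
    vlan = struct.pack("!HH", 0x8100, vlan_id & 0x0FFF)   # 802.1Q tag
    body = da + sa + sectag + vlan + struct.pack("!H", 0x0800) + payload
    return body + icv(body)

def verify(frame: bytes) -> bool:
    """Receiver side: recompute the check value over everything before it."""
    body, received = frame[:-ICV_LEN], frame[-ICV_LEN:]
    return hmac.compare_digest(icv(body), received)

def vlan_id(frame: bytes) -> int:
    (tci,) = struct.unpack_from("!H", frame, VLAN_TCI_OFFSET)
    return tci & 0x0FFF

def wan_rewrite_vlan(frame: bytes, new_vid: int) -> bytes:
    """Transit device that retags the frame; it holds no key, so the
    check value at the end of the frame is left as it was."""
    buf = bytearray(frame)
    (tci,) = struct.unpack_from("!H", buf, VLAN_TCI_OFFSET)
    struct.pack_into("!H", buf, VLAN_TCI_OFFSET, (tci & 0xF000) | (new_vid & 0x0FFF))
    return bytes(buf)

def demo():
    sent = build_frame(100, b"constructed payload")
    forwarded = wan_rewrite_vlan(sent, 200)
    return verify(sent), vlan_id(forwarded), verify(forwarded)

if __name__ == "__main__":
    print(demo())
```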