InformationMedia Access Control security (MACsec) is an IEEE 802 standard specifying how to transparently secure all orpart of a Local Area Network (LAN) at the link layer. MACsec PHY devices can do this while meeting the scalability and high-speed requirements set on such networks. MACsec is intended for wired LANs only, as wireless networks use a different protocol set. To ensure wired network security, MACsec functionality is required on newer-generation network infrastructure switches. It is supported on the Aruba 5400R (v3 modules only),3810M, and 2930M switch families.
NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.
SolutionTo define a MACsec policy and assign a CA Key Name (CKN) and CA Key:
switch(config)# macsec policy macsecpolicy
switch(Policy-examplepolicy)# mode pre-shared-key ckn 1a2b3c4d5e6f cak f6e5d4c3b2a1
To assign the MACsec policy examplepolicy to ports 21-24:
switch(config)# macsec apply policy macsecpolicy 21-24