MACsec

Information

Media Access Control security (MACsec) is an IEEE 802 standard specifying how to transparently secure all or part of a Local Area Network (LAN) at the link layer. MACsec PHY devices can do this while meeting the scalability and high-speed requirements set on such networks. MACsec is intended for wired LANs only, as wireless networks use a different protocol set. To ensure wired network security, MACsec functionality is required on newer-generation network infrastructure switches. It is supported on the Aruba 5400R (v3 modules only), 3810M, and 2930M switch families.

NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.

Solution

To define a MACsec policy and assign a Connectivity Association Key Name (CKN) and Connectivity Association Key (CAK):

switch(config)# macsec policy macsecpolicy
switch(Policy-macsecpolicy)# mode pre-shared-key ckn 1a2b3c4d5e6f cak f6e5d4c3b2a1

To assign the MACsec policy macsecpolicy to ports 21-24:

switch(config)# macsec apply policy macsecpolicy 21-24

See Also

https://support.hpe.com/hpesc/public/docDisplay?docId=a00056155en_us

Item Details

Category: SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|SC-5

Plugin: ArubaOS

Control ID: cf6c7dd93b52a02c8fce78a0e7ba77702424838db67866417081df3389fe7077