18 Sep
2020
18 Sep
'20
7:28 a.m.
On 18/09/2020 12:07, Mark Tinka wrote:
There was a time when the use-case for MACSec was to move banks away from running their own DWDM/FC networks, and letting operators do it.
Well, the other use case is access networks with 802.1x. With 802.1x as long as the port stays up the session cookie (whatever is set as authenticated) is the MAC address. So once a port is authenticated, it's really easy to spoof a MAC and still be on the network. With WPA2 enterprise on WiFi, this problem does not exist, because then there is a cryptographic session. MACsec fixes that gap on wired. Not all that relevant for long-distance links though :) -- Wilco