二層安全技術802.1ae簡單介紹

引用CISCO DOCUMENTS 「Cisco Data Center Interconnect Design and Implementation Guide」中的內容：In 2006 the IEEE ratified the 802.1AE standard, also known as MAC security standard (MACsec). MACsec encrypts all Ethernet frames, irrespective of the upper layer protocol. With MACsec, not only routed IP packets but also IP packets where the source and destination is in the same subnet or even non-IP traffic are encrypted.

咱們能夠了解到802.1AE是一種二層封裝技術，經過封裝全部以太網針，從而實現加密的安全效果。

802.1AE not only protects data from being read by others sniffing the link, it assures message integrity. Data tampering is prevented by authenticating relevant portions of the frame. Figure 1-14 shows how a regular Layer 2 frame is encrypted.

802.1AE能夠保護數據內容被抓包獲取，同時也能保證數據的完整性

格式以下：

其中ICV是Integrity Check Value 的簡稱，採用32Bytes，主要用於校驗