{"id":398276,"date":"2024-10-20T04:34:57","date_gmt":"2024-10-20T04:34:57","guid":{"rendered":"https:\/\/pdfstandards.shop\/product\/uncategorized\/ieee-802-1aecg-2017-2\/"},"modified":"2024-10-26T08:23:14","modified_gmt":"2024-10-26T08:23:14","slug":"ieee-802-1aecg-2017-2","status":"publish","type":"product","link":"https:\/\/pdfstandards.shop\/product\/publishers\/ieee\/ieee-802-1aecg-2017-2\/","title":{"rendered":"IEEE 802.1AEcg-2017"},"content":{"rendered":"

Amendment Standard – Superseded. Ethernet Data Encryption devices (EDEs) are specified in this amendment. An EDE is a two-port bridge that uses MACsec to provide secure connectivity for attached customer bridges, or for attached provider bridges. EDEs may allow the customer (or provider) bridges to continue to use a VLAN Identifier (VID) in transmitted frames to select<\/p>\n

PDF Catalog<\/h4>\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
PDF Pages<\/th>\nPDF Title<\/th>\n<\/tr>\n
1<\/td>\nIEEE Std 802.1AEcg-2017 Front cover <\/td>\n<\/tr>\n
2<\/td>\nTitle page <\/td>\n<\/tr>\n
4<\/td>\nImportant Notices and Disclaimers Concerning IEEE Standards Documents <\/td>\n<\/tr>\n
7<\/td>\nParticipants <\/td>\n<\/tr>\n
9<\/td>\nIntroduction <\/td>\n<\/tr>\n
10<\/td>\nContents <\/td>\n<\/tr>\n
13<\/td>\nFigures <\/td>\n<\/tr>\n
14<\/td>\nTables <\/td>\n<\/tr>\n
16<\/td>\n1. Overview
1.2 Scope <\/td>\n<\/tr>\n
17<\/td>\n2. Normative references <\/td>\n<\/tr>\n
19<\/td>\n3. Definitions <\/td>\n<\/tr>\n
21<\/td>\n4. Abbreviations and acronyms <\/td>\n<\/tr>\n
22<\/td>\n5. Conformance
5.1 Requirements terminology <\/td>\n<\/tr>\n
23<\/td>\n5.2 Protocol Implementation Conformance Statement (PICS)
5.3 Required capabilitiesMAC Security Entity requirements <\/td>\n<\/tr>\n
24<\/td>\n5.4 Optional capabilitiesMAC Security Entity options <\/td>\n<\/tr>\n
25<\/td>\n5.5 EDE conformance
5.6 EDE-M conformance <\/td>\n<\/tr>\n
26<\/td>\n5.7 EDE-CS conformance
5.8 EDE-CC conformance
5.9 EDE-SS conformance <\/td>\n<\/tr>\n
27<\/td>\n6. Secure provision of the MAC Service
6.1 MAC Service primitives and parameters
6.2 MAC Service connectivity <\/td>\n<\/tr>\n
28<\/td>\n6.4 MAC status parameters
6.5 MAC point-to-point parameters
6.10 Quality of service maintenance <\/td>\n<\/tr>\n
30<\/td>\n7. Principles of secure network operation
7.1 Support of the secure MAC Service by an individual LAN
7.1.2 Secure Channel (SC)
7.1.3 Secure Association (SA)
Untitled <\/td>\n<\/tr>\n
31<\/td>\nFigure 7-7\u2014Secure Channel and Secure Association Identifiers
7.3 Use of the secure MAC Service
7.3.1 Client policies <\/td>\n<\/tr>\n
32<\/td>\n7.3.2 Use of the secure MAC Service by bridges <\/td>\n<\/tr>\n
33<\/td>\n8. MAC Security Protocol (MACsec)
8.1.1 Security requirements
8.2.1 SC identification requirements
8.2.5 Authentication requirements
8.2.6 Authorization requirements
8.3 MACsec operation <\/td>\n<\/tr>\n
35<\/td>\n9. Encoding of MACsec protocol data units
9.9 Secure Channel Identifier (SCI) <\/td>\n<\/tr>\n
36<\/td>\n10. Principles of MAC Security Entity (SecY) operation
10.1 SecY overview
10.2 SecY functions <\/td>\n<\/tr>\n
37<\/td>\n10.4 SecY architecture
Figure 10-4\u2014Management controls and counters for secure frame generation
10.5 Secure frame generation <\/td>\n<\/tr>\n
38<\/td>\n10.5.1 Transmit SA assignment <\/td>\n<\/tr>\n
39<\/td>\nFigure 10-5\u2014Management controls and counters for secure frame verification <\/td>\n<\/tr>\n
40<\/td>\n10.5.3 SecTAG encoding <\/td>\n<\/tr>\n
41<\/td>\n10.6 Secure frame verification
10.6.1 Receive SA assignment <\/td>\n<\/tr>\n
42<\/td>\n10.7 SecY management <\/td>\n<\/tr>\n
44<\/td>\nFigure 10-6\u2014SecY managed objects <\/td>\n<\/tr>\n
45<\/td>\n10.7.1 SCI
10.7.4 Controlled Port status
10.7.6 Controlled Port statistics <\/td>\n<\/tr>\n
46<\/td>\n10.7.8 Frame verification controls
10.7.9 Frame verification statistics <\/td>\n<\/tr>\n
47<\/td>\n10.7.14 Receive SA status
10.7.16 Frame generation capabilities
10.7.17 Frame generation controls <\/td>\n<\/tr>\n
49<\/td>\n10.7.18 Frame generation statistics
10.7.20 Transmit SC creation <\/td>\n<\/tr>\n
50<\/td>\n10.7.21 Transmit SC status
10.7.22 Transmit SA creation
10.7.23 Transmit SA status <\/td>\n<\/tr>\n
51<\/td>\n10.7.25 Implemented Cipher Suites <\/td>\n<\/tr>\n
52<\/td>\n10.7.26 SecY Cipher Suite use
10.7.28 SAK creation <\/td>\n<\/tr>\n
53<\/td>\n11. MAC Security in Systems
11.1 MAC Service interface stacks
11.3 MACsec in MAC Bridges
Figure 11-4 MACsec in a VLAN-unaware MAC Bridge <\/td>\n<\/tr>\n
54<\/td>\nFigure 11-5 VLAN-unaware MAC Bridge Port with MACsec
11.4 MACsec in VLAN-aware Bridges
Figure 11-6\u2014Addition of MAC Security to a VLAN-aware MAC Bridge
11.8 MACsec and multi-access LANs <\/td>\n<\/tr>\n
55<\/td>\nFigure 11-15\u2014An example multi-access LAN <\/td>\n<\/tr>\n
56<\/td>\n13. Management protocol MAC Security Entity MIB
13.1 Introduction
13.4 Security considerations <\/td>\n<\/tr>\n
57<\/td>\n13.5 Structure of the MIB module <\/td>\n<\/tr>\n
63<\/td>\n13.6 Definitions for MAC Security Entity (SecY) MIB definitions <\/td>\n<\/tr>\n
101<\/td>\n14. Encoding of MACsec protocol data units
14.5 Default Cipher Suite (GCM\u2013AES\u2013128)
14.6 GCM-AES-256 <\/td>\n<\/tr>\n
102<\/td>\n15. Ethernet Data Encryption devices
15.1 EDE characteristics <\/td>\n<\/tr>\n
103<\/td>\n15.2 Securing LANs with EDE-Ms
Figure 15-1\u2014EDE-Ms connected by a point-to-point LAN <\/td>\n<\/tr>\n
104<\/td>\nFigure 15-2\u2014EDE-Ms securing a point-to-point LAN between Provider Bridges <\/td>\n<\/tr>\n
105<\/td>\n15.3 Securing connectivity across PBNs
Figure 15-3\u2014MACsec protected frame traversing a PBN <\/td>\n<\/tr>\n
106<\/td>\n15.4 Securing PBN connectivity with an EDE-M
Figure 15-4\u2014EDE-Ms securing point-to-point LAN connectivity across a PBN <\/td>\n<\/tr>\n
107<\/td>\nFigure 15-5\u2014EDE-Ms securing multi-point PBN connectivity
15.5 Securing PBN connectivity with an EDE-CS <\/td>\n<\/tr>\n
108<\/td>\nFigure 15-6\u2014Example of a network with an EDE-CS <\/td>\n<\/tr>\n
109<\/td>\nFigure 15-7\u2014EDE-CS connected to a PBN S-tagged interface
15.6 Securing PBN connectivity with an EDE-CC <\/td>\n<\/tr>\n
111<\/td>\nFigure 15-9\u2014EDE-CC architecture <\/td>\n<\/tr>\n
112<\/td>\n15.7 Securing PBN connectivity with an EDE-SS
15.8 EDE Interoperability <\/td>\n<\/tr>\n
113<\/td>\n15.9 EDEs, CFM, and UNI Access <\/td>\n<\/tr>\n
115<\/td>\n16. Using MIB modules to manage EDEs
16.1 Security considerations
16.2 EDE-M Management
16.3 EDE-CS Management
16.4 EDE-CC and EDE-SS Management <\/td>\n<\/tr>\n
117<\/td>\nAnnex A (normative) PICS Proforma
A.5 Major capabilities <\/td>\n<\/tr>\n
119<\/td>\nA.9 Secure Frame Verification <\/td>\n<\/tr>\n
123<\/td>\nA.12 Additional fully conformant Cipher Suite capabilities <\/td>\n<\/tr>\n
124<\/td>\nA.13 Additional variant Cipher Suite capabilities <\/td>\n<\/tr>\n
126<\/td>\nAnnex B (informative) Bibliography <\/td>\n<\/tr>\n
128<\/td>\nAnnex D (normative) PICS Proforma for an Ethernet Data Encryption device
D.1 Introduction
D.2 Abbreviations and special symbols
D.2.1 Status symbols
D.2.2 General abbreviations <\/td>\n<\/tr>\n
129<\/td>\nD.3 Instructions for completing the PICS proforma
D.3.1 General structure of the PICS proforma
D.3.2 Additional information
D.3.3 Exception information <\/td>\n<\/tr>\n
130<\/td>\nD.3.4 Conditional status
D.3.4.1 Conditional items
D.3.4.2 Predicates <\/td>\n<\/tr>\n
131<\/td>\nD.4 PICS proforma for IEEE Std 802.1AE EDE
D.4.1 Implementation identification
D.4.2 Protocol summary, IEEE Std 802.1AE EDE <\/td>\n<\/tr>\n
132<\/td>\nD.5 EDE type and common requirements <\/td>\n<\/tr>\n
133<\/td>\nD.6 EDE-M Configuration
D.7 EDE-CS Configuration <\/td>\n<\/tr>\n
134<\/td>\nD.8 EDE-CC Configuration
D.9 EDE-SS Configuration <\/td>\n<\/tr>\n
135<\/td>\nAnnex E (informative) MKA operation for multiple transmit SCs <\/td>\n<\/tr>\n
137<\/td>\nAnnex F (informative) EDE Interoperability and PAE addresses <\/td>\n<\/tr>\n
140<\/td>\nAnnex G (informative) Management and MIB revisions <\/td>\n<\/tr>\n
141<\/td>\nG.1 Counter changes <\/td>\n<\/tr>\n
142<\/td>\nG.2 Available Cipher Suites <\/td>\n<\/tr>\n
143<\/td>\nBack cover <\/td>\n<\/tr>\n<\/table>\n","protected":false},"excerpt":{"rendered":"

IEEE Standard for Local and metropolitan area networks–Media Access Control (MAC) Security – Amendment 3: Ethernet Data Encryption devices<\/b><\/p>\n\n\n\n\n
Published By<\/td>\nPublication Date<\/td>\nNumber of Pages<\/td>\n<\/tr>\n
IEEE<\/b><\/a><\/td>\n2017<\/td>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n","protected":false},"featured_media":398281,"template":"","meta":{"rank_math_lock_modified_date":false,"ep_exclude_from_search":false},"product_cat":[2644],"product_tag":[],"class_list":{"0":"post-398276","1":"product","2":"type-product","3":"status-publish","4":"has-post-thumbnail","6":"product_cat-ieee","8":"first","9":"instock","10":"sold-individually","11":"shipping-taxable","12":"purchasable","13":"product-type-simple"},"_links":{"self":[{"href":"https:\/\/pdfstandards.shop\/wp-json\/wp\/v2\/product\/398276","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/pdfstandards.shop\/wp-json\/wp\/v2\/product"}],"about":[{"href":"https:\/\/pdfstandards.shop\/wp-json\/wp\/v2\/types\/product"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/pdfstandards.shop\/wp-json\/wp\/v2\/media\/398281"}],"wp:attachment":[{"href":"https:\/\/pdfstandards.shop\/wp-json\/wp\/v2\/media?parent=398276"}],"wp:term":[{"taxonomy":"product_cat","embeddable":true,"href":"https:\/\/pdfstandards.shop\/wp-json\/wp\/v2\/product_cat?post=398276"},{"taxonomy":"product_tag","embeddable":true,"href":"https:\/\/pdfstandards.shop\/wp-json\/wp\/v2\/product_tag?post=398276"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}