{"id":194709,"date":"2024-10-19T12:21:19","date_gmt":"2024-10-19T12:21:19","guid":{"rendered":"https:\/\/pdfstandards.shop\/product\/uncategorized\/ieee-802-1aecg-2017\/"},"modified":"2024-10-25T04:52:21","modified_gmt":"2024-10-25T04:52:21","slug":"ieee-802-1aecg-2017","status":"publish","type":"product","link":"https:\/\/pdfstandards.shop\/product\/publishers\/ieee\/ieee-802-1aecg-2017\/","title":{"rendered":"IEEE 802.1AEcg 2017"},"content":{"rendered":"

Amendment Standard – Superseded. Ethernet Data Encryption devices (EDEs) are specified in this amendment. An EDE is a two-port bridge that uses MACsec to provide secure connectivity for attached customer bridges, or for attached provider bridges. EDEs may allow the customer (or provider) bridges to continue to use a VLAN Identifier (VID) in transmitted frames to select (as already specified in IEEE Std 802.1Q\u2122) between provider network or provider backbone network services. (The PDF of this standard is available at no cost compliments of the IEEE GET program)<\/p>\n

PDF Catalog<\/h4>\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
PDF Pages<\/th>\nPDF Title<\/th>\n<\/tr>\n
1<\/td>\nIEEE Std 802.1AEcg-2017 Front cover <\/td>\n<\/tr>\n
2<\/td>\nTitle page <\/td>\n<\/tr>\n
4<\/td>\nImportant Notices and Disclaimers Concerning IEEE Standards Documents <\/td>\n<\/tr>\n
7<\/td>\nParticipants <\/td>\n<\/tr>\n
9<\/td>\nIntroduction <\/td>\n<\/tr>\n
10<\/td>\nContents <\/td>\n<\/tr>\n
13<\/td>\nFigures <\/td>\n<\/tr>\n
14<\/td>\nTables <\/td>\n<\/tr>\n
16<\/td>\n1. Overview
1.2 Scope <\/td>\n<\/tr>\n
17<\/td>\n2. Normative references <\/td>\n<\/tr>\n
19<\/td>\n3. Definitions <\/td>\n<\/tr>\n
21<\/td>\n4. Abbreviations and acronyms <\/td>\n<\/tr>\n
22<\/td>\n5. Conformance
5.1 Requirements terminology <\/td>\n<\/tr>\n
23<\/td>\n5.2 Protocol Implementation Conformance Statement (PICS)
5.3 Required capabilitiesMAC Security Entity requirements <\/td>\n<\/tr>\n
24<\/td>\n5.4 Optional capabilitiesMAC Security Entity options <\/td>\n<\/tr>\n
25<\/td>\n5.5 EDE conformance
5.6 EDE-M conformance <\/td>\n<\/tr>\n
26<\/td>\n5.7 EDE-CS conformance
5.8 EDE-CC conformance
5.9 EDE-SS conformance <\/td>\n<\/tr>\n
27<\/td>\n6. Secure provision of the MAC Service
6.1 MAC Service primitives and parameters
6.2 MAC Service connectivity <\/td>\n<\/tr>\n
28<\/td>\n6.4 MAC status parameters
6.5 MAC point-to-point parameters
6.10 Quality of service maintenance <\/td>\n<\/tr>\n
30<\/td>\n7. Principles of secure network operation
7.1 Support of the secure MAC Service by an individual LAN
7.1.2 Secure Channel (SC)
7.1.3 Secure Association (SA)
Untitled <\/td>\n<\/tr>\n
31<\/td>\nFigure 7-7\u2014Secure Channel and Secure Association Identifiers
7.3 Use of the secure MAC Service
7.3.1 Client policies <\/td>\n<\/tr>\n
32<\/td>\n7.3.2 Use of the secure MAC Service by bridges <\/td>\n<\/tr>\n
33<\/td>\n8. MAC Security Protocol (MACsec)
8.1.1 Security requirements
8.2.1 SC identification requirements
8.2.5 Authentication requirements
8.2.6 Authorization requirements
8.3 MACsec operation <\/td>\n<\/tr>\n
35<\/td>\n9. Encoding of MACsec protocol data units
9.9 Secure Channel Identifier (SCI) <\/td>\n<\/tr>\n
36<\/td>\n10. Principles of MAC Security Entity (SecY) operation
10.1 SecY overview
10.2 SecY functions <\/td>\n<\/tr>\n
37<\/td>\n10.4 SecY architecture
Figure 10-4\u2014Management controls and counters for secure frame generation
10.5 Secure frame generation <\/td>\n<\/tr>\n
38<\/td>\n10.5.1 Transmit SA assignment <\/td>\n<\/tr>\n
39<\/td>\nFigure 10-5\u2014Management controls and counters for secure frame verification <\/td>\n<\/tr>\n
40<\/td>\n10.5.3 SecTAG encoding <\/td>\n<\/tr>\n
41<\/td>\n10.6 Secure frame verification
10.6.1 Receive SA assignment <\/td>\n<\/tr>\n
42<\/td>\n10.7 SecY management <\/td>\n<\/tr>\n
44<\/td>\nFigure 10-6\u2014SecY managed objects <\/td>\n<\/tr>\n
45<\/td>\n10.7.1 SCI
10.7.4 Controlled Port status
10.7.6 Controlled Port statistics <\/td>\n<\/tr>\n
46<\/td>\n10.7.8 Frame verification controls
10.7.9 Frame verification statistics <\/td>\n<\/tr>\n
47<\/td>\n10.7.14 Receive SA status
10.7.16 Frame generation capabilities
10.7.17 Frame generation controls <\/td>\n<\/tr>\n
49<\/td>\n10.7.18 Frame generation statistics
10.7.20 Transmit SC creation <\/td>\n<\/tr>\n
50<\/td>\n10.7.21 Transmit SC status
10.7.22 Transmit SA creation
10.7.23 Transmit SA status <\/td>\n<\/tr>\n
51<\/td>\n10.7.25 Implemented Cipher Suites <\/td>\n<\/tr>\n
52<\/td>\n10.7.26 SecY Cipher Suite use
10.7.28 SAK creation <\/td>\n<\/tr>\n
53<\/td>\n11. MAC Security in Systems
11.1 MAC Service interface stacks
11.3 MACsec in MAC Bridges
Figure 11-4 MACsec in a VLAN-unaware MAC Bridge <\/td>\n<\/tr>\n
54<\/td>\nFigure 11-5 VLAN-unaware MAC Bridge Port with MACsec
11.4 MACsec in VLAN-aware Bridges
Figure 11-6\u2014Addition of MAC Security to a VLAN-aware MAC Bridge
11.8 MACsec and multi-access LANs <\/td>\n<\/tr>\n
55<\/td>\nFigure 11-15\u2014An example multi-access LAN <\/td>\n<\/tr>\n
56<\/td>\n13. Management protocol MAC Security Entity MIB
13.1 Introduction
13.4 Security considerations <\/td>\n<\/tr>\n
57<\/td>\n13.5 Structure of the MIB module <\/td>\n<\/tr>\n
63<\/td>\n13.6 Definitions for MAC Security Entity (SecY) MIB definitions <\/td>\n<\/tr>\n
101<\/td>\n14. Encoding of MACsec protocol data units
14.5 Default Cipher Suite (GCM\u2013AES\u2013128)
14.6 GCM-AES-256 <\/td>\n<\/tr>\n
102<\/td>\n15. Ethernet Data Encryption devices
15.1 EDE characteristics <\/td>\n<\/tr>\n
103<\/td>\n15.2 Securing LANs with EDE-Ms
Figure 15-1\u2014EDE-Ms connected by a point-to-point LAN <\/td>\n<\/tr>\n
104<\/td>\nFigure 15-2\u2014EDE-Ms securing a point-to-point LAN between Provider Bridges <\/td>\n<\/tr>\n
105<\/td>\n15.3 Securing connectivity across PBNs
Figure 15-3\u2014MACsec protected frame traversing a PBN <\/td>\n<\/tr>\n
106<\/td>\n15.4 Securing PBN connectivity with an EDE-M
Figure 15-4\u2014EDE-Ms securing point-to-point LAN connectivity across a PBN <\/td>\n<\/tr>\n
107<\/td>\nFigure 15-5\u2014EDE-Ms securing multi-point PBN connectivity
15.5 Securing PBN connectivity with an EDE-CS <\/td>\n<\/tr>\n
108<\/td>\nFigure 15-6\u2014Example of a network with an EDE-CS <\/td>\n<\/tr>\n
109<\/td>\nFigure 15-7\u2014EDE-CS connected to a PBN S-tagged interface
15.6 Securing PBN connectivity with an EDE-CC <\/td>\n<\/tr>\n
111<\/td>\nFigure 15-9\u2014EDE-CC architecture <\/td>\n<\/tr>\n
112<\/td>\n15.7 Securing PBN connectivity with an EDE-SS
15.8 EDE Interoperability <\/td>\n<\/tr>\n
113<\/td>\n15.9 EDEs, CFM, and UNI Access <\/td>\n<\/tr>\n
115<\/td>\n16. Using MIB modules to manage EDEs
16.1 Security considerations
16.2 EDE-M Management
16.3 EDE-CS Management
16.4 EDE-CC and EDE-SS Management <\/td>\n<\/tr>\n
117<\/td>\nAnnex A (normative) PICS Proforma
A.5 Major capabilities <\/td>\n<\/tr>\n
119<\/td>\nA.9 Secure Frame Verification <\/td>\n<\/tr>\n
123<\/td>\nA.12 Additional fully conformant Cipher Suite capabilities <\/td>\n<\/tr>\n
124<\/td>\nA.13 Additional variant Cipher Suite capabilities <\/td>\n<\/tr>\n
126<\/td>\nAnnex B (informative) Bibliography <\/td>\n<\/tr>\n
128<\/td>\nAnnex D (normative) PICS Proforma for an Ethernet Data Encryption device
D.1 Introduction
D.2 Abbreviations and special symbols
D.2.1 Status symbols
D.2.2 General abbreviations <\/td>\n<\/tr>\n
129<\/td>\nD.3 Instructions for completing the PICS proforma
D.3.1 General structure of the PICS proforma
D.3.2 Additional information
D.3.3 Exception information <\/td>\n<\/tr>\n
130<\/td>\nD.3.4 Conditional status
D.3.4.1 Conditional items
D.3.4.2 Predicates <\/td>\n<\/tr>\n
131<\/td>\nD.4 PICS proforma for IEEE Std 802.1AE EDE
D.4.1 Implementation identification
D.4.2 Protocol summary, IEEE Std 802.1AE EDE <\/td>\n<\/tr>\n
132<\/td>\nD.5 EDE type and common requirements <\/td>\n<\/tr>\n
133<\/td>\nD.6 EDE-M Configuration
D.7 EDE-CS Configuration <\/td>\n<\/tr>\n
134<\/td>\nD.8 EDE-CC Configuration
D.9 EDE-SS Configuration <\/td>\n<\/tr>\n
135<\/td>\nAnnex E (informative) MKA operation for multiple transmit SCs <\/td>\n<\/tr>\n
137<\/td>\nAnnex F (informative) EDE Interoperability and PAE addresses <\/td>\n<\/tr>\n
140<\/td>\nAnnex G (informative) Management and MIB revisions <\/td>\n<\/tr>\n
141<\/td>\nG.1 Counter changes <\/td>\n<\/tr>\n
142<\/td>\nG.2 Available Cipher Suites <\/td>\n<\/tr>\n
143<\/td>\nBack cover <\/td>\n<\/tr>\n<\/table>\n","protected":false},"excerpt":{"rendered":"

IEEE Standard for Local and metropolitan area networks–Media Access Control (MAC) Security – Amendment 3: Ethernet Data Encryption devices<\/b><\/p>\n\n\n\n\n
Published By<\/td>\nPublication Date<\/td>\nNumber of Pages<\/td>\n<\/tr>\n
IEEE<\/b><\/a><\/td>\n2017<\/td>\n143<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n","protected":false},"featured_media":194712,"template":"","meta":{"rank_math_lock_modified_date":false,"ep_exclude_from_search":false},"product_cat":[2644],"product_tag":[],"class_list":{"0":"post-194709","1":"product","2":"type-product","3":"status-publish","4":"has-post-thumbnail","6":"product_cat-ieee","8":"first","9":"instock","10":"sold-individually","11":"shipping-taxable","12":"purchasable","13":"product-type-simple"},"_links":{"self":[{"href":"https:\/\/pdfstandards.shop\/wp-json\/wp\/v2\/product\/194709","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/pdfstandards.shop\/wp-json\/wp\/v2\/product"}],"about":[{"href":"https:\/\/pdfstandards.shop\/wp-json\/wp\/v2\/types\/product"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/pdfstandards.shop\/wp-json\/wp\/v2\/media\/194712"}],"wp:attachment":[{"href":"https:\/\/pdfstandards.shop\/wp-json\/wp\/v2\/media?parent=194709"}],"wp:term":[{"taxonomy":"product_cat","embeddable":true,"href":"https:\/\/pdfstandards.shop\/wp-json\/wp\/v2\/product_cat?post=194709"},{"taxonomy":"product_tag","embeddable":true,"href":"https:\/\/pdfstandards.shop\/wp-json\/wp\/v2\/product_tag?post=194709"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}