MKA and group addresses (peers discovery)
Ovidio Ruzzier
ovidioruzzier at gmail.com
Sun Sep 26 06:29:08 PDT 2021
Hi all,
I apologize if this question is more an open one than a close and
related to wpa_supplicant.
I'm trying to encrypt and authenticate traffic among three hosts. I
use EVE-NG for that.
I used first a normal switch provided by EVE-NG, then I used a Nexus 9000v
When I manually configure MACsed everything works fine.
When I use MKA things stop working.
I realized that MKA uses EAPoL-MKA, does the IEEE standard say that? I
don't have access to the standard but this breaks the possibility to
have MKA across switches.
The statement MACsec (actually MKA) is a hop-by-hop protocol is true
because MKA is hop-by-hop because to discover neighbours it uses MAC
group addresses
Per-se it is not.
Is there a way to change the way peers are discovered?
Thanks.
Ovidio
More information about the Hostap
mailing list