MKA and group addresses (peers discovery)

Ovidio Ruzzier ovidioruzzier at
Sun Sep 26 06:29:08 PDT 2021

Hi all,

I apologize if this question is more an open one than a close and
related to wpa_supplicant.
I'm trying to encrypt and authenticate traffic among three hosts. I
use EVE-NG for that.
I used first a normal switch provided by EVE-NG, then I used a Nexus 9000v
When I manually configure MACsed everything works fine.
When I use MKA things stop working.
I realized that MKA uses EAPoL-MKA, does the IEEE standard say that? I
don't have access to the standard but this breaks the possibility to
have MKA across switches.
The statement MACsec (actually MKA) is a hop-by-hop protocol is true
because MKA is hop-by-hop because to discover neighbours it uses MAC
group addresses
Per-se it is not.
Is there a way to change the way peers are discovered?



More information about the Hostap mailing list