MACsec (IEEE 802.1AE) – Support for Multicast and Broadcast

ethernet mac security

In general, Ethernet supports both multicast and broadcast. However, once you start encrypting the payload, you need key management. I am wondering if IEEE 802.1AE supports multicast and broadcast. In that case, how does MACsec handle the key management?

This webpage states that "MACsec provides point-to-point security". Does this mean only unicast is supported?

Best Answer

MACsec provides security on the point-to-point link level. MACsec and 802.1X sit (more or less) in between the physical layer (L1) and the data link layer (L2). The key management is between the layer-1 (point-to-point) link partners, usually a host and its uplink switch port, not between (possibly more distant) layer-2 nodes.

MACsec doesn't impact layer-2 functionality, which broadcast and multicast are part of - these still work, of course.
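The hop-by-hop model described in the answer, as an added sketch that is not part of the original answer: a switch verifies a broadcast frame with the ingress link's key, floods it as usual, and protects each copy with the egress link's own key. Assumptions: HMAC-SHA256 truncated to 16 bytes stands in for MACsec's AES-GCM ICV, the trailer layout is simplified, and the port names, keys and sample frame are constructed.

```python
import hashlib
import hmac
import os

BROADCAST = b"\xff" * 6


def protect(key: bytes, pn: int, frame: bytes) -> bytes:
    """Append a 4-byte packet number and a 16-byte ICV keyed to one link."""
    tag = pn.to_bytes(4, "big")
    return frame + tag + hmac.new(key, tag + frame, hashlib.sha256).digest()[:16]


def verify(key: bytes, last_pn: int, wire: bytes):
    """Check the ICV and packet number for one link; return (frame, pn)."""
    frame, tag, icv = wire[:-20], wire[-20:-16], wire[-16:]
    good = hmac.new(key, tag + frame, hashlib.sha256).digest()[:16]
    pn = int.from_bytes(tag, "big")
    if not hmac.compare_digest(icv, good):
        raise ValueError("ICV check failed")
    if pn <= last_pn:
        raise ValueError("replayed packet number")
    return frame, pn


class Switch:
    """Hypothetical switch: each port shares a key only with its link partner."""

    def __init__(self, ports):
        self.keys = {p: os.urandom(32) for p in ports}  # constructed per-link keys
        self.rx_pn = dict.fromkeys(ports, 0)
        self.tx_pn = dict.fromkeys(ports, 0)

    def flood(self, in_port: str, wire: bytes) -> dict:
        # Ingress: verify with the ingress link's key, leaving a plain frame.
        frame, self.rx_pn[in_port] = verify(self.keys[in_port], self.rx_pn[in_port], wire)
        out = {}
        # Ordinary layer-2 flooding, then per-link protection on egress.
        for port in self.keys:
            if port != in_port:
                self.tx_pn[port] += 1
                out[port] = protect(self.keys[port], self.tx_pn[port], frame)
        return out


def demo():
    sw = Switch(["p1", "p2", "p3"])
    # Constructed broadcast frame: dst, src, EtherType, payload.
    frame = BROADCAST + bytes.fromhex("020000000001") + b"\x08\x06" + b"who-has"
    return sw, frame, sw.flood("p1", protect(sw.keys["p1"], 1, frame))
```

Each receiving host only ever needs the key of its own link, so the sender never has to share a key with the other receivers for the broadcast to arrive.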