Layer 2 encryption: Ethernet-level security
Why encryption at the Ethernet level?
Layer 2 encryption protects data directly at the Ethernet layer, even before it is transmitted over the network. This method provides ultra-low latency with high security – ideal for sensitive data in telecommunications, corporate and government networks.
Our partners and their strengthsAdtran
Adtran offers Ethernet encryption solutions as part of its network security portfolio. The devices use robust encryption standards such as AES-256 for Layer 2 protection. Adtrans’s solutions are designed to integrate existing networks and support multi-gigabit networks as well as network synchronization – particularly relevant for carrier networks.
Ribbon Communications
Ribbon specializes in security solutions for telecom providers and offers scalable Layer 2 encryption. The focus is on comprehensive management tools and cloud-enabled network security. Ribbon seamlessly integrates encryption into high-bandwidth networks and availability requirements, helping to build private and hybrid networks.
Actelis Networks
Actelis provides Ethernet-based Layer 2 encryption, which is primarily used in industrial and utility networks. Particular focus is on encryption over long distances with low bandwidth requirements. Due to their expertise in the Industrial Internet of Things (IIoT), Actelis solutions are particularly suitable for utility networks and smart city infrastructures.
DNWP (Dedicated Network Partners)
DNWP offers layer-2 encryption solutions with a focus on the German market. Particular strengths lie in compliance with European data protection standards and the provision of flexible, tailor-made solutions that also address medium-sized companies. DNWP emphasizes security and compliance in accordance with local requirements.
Some features:
- MACsec+ encryption directly on Ethernet layer
- AES-GCM256: Strong data encryption with minimal overhead
- Password authentication via Diffie-Hellman
- VLAN Bypass: Single or Dual VLAN possible
- Point-to-point protection for site-to-site and hub-and-spoke connections
- Transport via fiber optics or MEF E-Line service
- BSI approval up to level VS-NfD / VS-V
- MACsec encryption on 1G, 10G, and 100G WAN ports
- 4× 10GE and 100GE multirate ports with MACsec
- Network-wide hop-by-hop Layer 2 encryption
- Standard compliant according to IEEE 802.1AE
- Strong AES-GCM-256 encryption
- MACsec encryption via SHDSL, fiber optic and Layer 2 networks
- SHDSL bonding: Up to 16 dual wires, 15 Mbps per DA
- Layer-2 Ethernet Features: QoS, QinQ, Ethernet Measurements (ITU-T Y.1564)
- Optional SHDSL repeater solution
- Variants as table or DIN rail device
- Industrial Ethernet: Extended Temperature Range
- User-friendly graphical operating software and optional management system
- 8G MPLS-TP Switch with 1:1 Linear Protection Switching
- VPLS / VPWS for Virtual Private Wire and LAN Services
- 8 CoS levels, comprehensive OAM for MPLS-TP
- 8 Ethernet SFP ports: 2× 2.5GbE, 6× 1GbE
- TDM over Packet with optional TDM-SFP adapters
- Optional: AES-256-GCM encryption and authentication
- Manual or automated key exchange procedures
- Compact design, extended temperature range: −20 to +65 °C
- Two battery inputs (24-110 V DC), low consumption: 20 W max
- STM-1/4/16 SDH Trunk
- Multi-service for voice and data, low-latency for teleprotection (IEEE C37.94)
- Multiple interfaces: E1, V.24, V.11, X.21, G.703/64k, C37.94
- Blocking-free cross-connect: 128 × 2 Mbps at 64kbit level
- Redundant control and power supply
- Ethernet and TDM in the First Mile (IEEE 802.3)
- Investment protection: compatible with Nokia Dynanet and Siemens FMX2
- Network management with alarm, configuration and E2E management
- STM-1/4/16 SDH and 1GE/10GE IP Packet Trunk
- Carrier Ethernet 2.0, MPLS-TP (1GE / 2.5GE / 10GE)
- TDM over Packet, SyncE and IEEE 1588v2
- Advanced Encryption
- Integrated Network Management for MPLS-TP
