PurposeCommand or Action
The command must be entered exactly the same
as the existing configuration command for the
interface, except for the fallback keychain name.
Note
See Configuring a MACsec Keychain and Keys.
Copies the running configuration to the startup
configuration.
(Optional) copy running-config startup-config
Example:
Step 4
switch(config-if)# copy running-config
startup-config
Configuring a MACsec Policy
You can create multiple MACsec policies with different parameters. However, only one policy can be active
on an interface.
Dynamic changes are not allowed to the MACsec policy once the policy is enabled under the interface.
Note
Before you begin
Make sure that MACsec is enabled.
SUMMARY STEPS
1. configure terminal
2. macsec policy name
3. cipher-suite name
4. key-server-priority number
5. security-policy name
6. window-size number
7. sak-expiry-time time
8. conf-offset name
9. (Optional) show macsec policy
10. (Optional) copy running-config startup-config
DETAILED STEPS
PurposeCommand or Action
Enters global configuration mode.configure terminal
Example:
Step 1
switch# configure terminal
switch(config)#
Cisco Nexus 9000 Series NX-OS Security Configuration Guide, Release 9.x
509
Configuring MACsec
Configuring a MACsec Policy
To Next Page
Loading...
