MACsec configuration task list
In device-oriented mode, the MACsec configuration takes effect on Layer 2 and Layer 3 Ethernet
ports. In client-oriented mode, the MACsec configuration takes effect only on 802.1X-enabled ports.
To configure MACsec, perform the following tasks:
(Required.) Enabling MKA
  Remarks: N/A
(Optional.) Enabling MACsec desire
  Remarks: N/A
(Optional.) Configuring a preshared key
  Remarks: device-oriented mode.
(Optional.) Configuring the MKA key server priority
  Remarks: N/A
(Optional.) Use one of the following methods to configure MACsec protection parameters:
• Configuring MACsec protection parameters in interface view:
  ◦ Configuring the MACsec confidentiality offset
  ◦ Configuring MACsec replay protection
  ◦ Configuring the MACsec validation mode
• Configuring MACsec protection parameters by MKA policy:
  ◦ Configuring an MKA policy
  ◦ Applying an MKA policy
  Remarks: N/A
Enabling MKA
MKA establishes and manages MACsec secure channels on a port. It also negotiates keys used by
MACsec.
You cannot enable MKA on a MACsec-incapable port.
To enable MKA:
1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enter interface view.
   Command: interface interface-type interface-number
   Remarks: N/A
3. Enable MKA.
   Command: mka enable
   Remarks: By default, MKA is disabled on the port.
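Because MKA is disabled by default, a configuration audit can list the Ethernet ports that lack the mka enable command. The following is an added example, not part of the manual; the sample configuration text, the interface names, and the list of interface types treated as Ethernet ports are assumptions constructed for illustration.

```python
import re

# Constructed sample in the style of Comware "display current-configuration"
# output; interface names and other lines are illustrative, not from the manual.
SAMPLE_CONFIG = """\
#
interface GigabitEthernet1/0/1
 port link-mode bridge
 mka enable
#
interface GigabitEthernet1/0/2
 port link-mode bridge
#
interface Ten-GigabitEthernet1/0/25
 description uplink mka enable pending
#
interface Vlan-interface10
 ip address 192.0.2.1 255.255.255.0
#
"""

# Assumption: only these interface types are Ethernet ports worth auditing.
# Which ports are actually MACsec-capable depends on the hardware.
ETHERNET_PREFIXES = ("GigabitEthernet", "Ten-GigabitEthernet")

def audit_mka(config_text, prefixes=ETHERNET_PREFIXES):
    """Return {interface_name: True/False} for whether 'mka enable' is set."""
    result = {}
    current = None
    for line in config_text.splitlines():
        header = re.match(r"^interface\s+(\S+)\s*$", line)
        if header:
            name = header.group(1)
            current = name if name.startswith(prefixes) else None
            if current:
                result[current] = False  # MKA is disabled by default
        elif not line.startswith(" "):
            current = None  # '#' or any top-level line ends the stanza
        elif current and line.strip() == "mka enable":
            result[current] = True  # exact match, so descriptions do not count
    return result

def ports_without_mka(config_text):
    return sorted(name for name, on in audit_mka(config_text).items() if not on)

if __name__ == "__main__":
    for port in ports_without_mka(SAMPLE_CONFIG):
        print(f"{port}: MKA not enabled")
```

A port reported here is not necessarily misconfigured: MKA cannot be enabled on a MACsec-incapable port, so compare the result against the hardware's capability list.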
Enabling MACsec desire
The MACsec desire feature expects MACsec protection for outbound frames. The key server
determines whether MACsec protects the outbound frames.
MACsec protects the outbound frames of a port when the following requirements are met:
• The key server is MACsec capable.
• Both the local participant and its peer are MACsec capable.