Configuring MACsec replay protection
The MACsec replay protection feature allows a MACsec port to accept a number of out-of-order or
repeated inbound frames. The configured replay protection window size is effective only when
MACsec replay protection is enabled.
To configure MACsec replay protection:
Step                                    Command                                           Remarks
1. Enter system view.                   system-view                                       N/A
2. Enter interface view.                interface interface-type interface-number         N/A
3. Enable MACsec replay protection.     macsec replay-protection                          By default, MACsec replay protection is enabled on the port.
4. Set the MACsec replay protection     macsec replay-protection window-size size-value   The default setting is 0, and frames are accepted only in the correct order.
   window size.
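The effect of the window size on which inbound frames pass, as an added example (not taken from the manual or the device software): it models the lowest-acceptable-packet-number check described in IEEE 802.1AE. The class, function names and arrival sequence are constructed for illustration, and the model is an assumption about behavior, not the switch's implementation.

```python
# Added illustration: models the receive-side packet number (PN) check of
# IEEE 802.1AE. Names are hypothetical; this is not device code.

class ReplayWindow:
    def __init__(self, window_size=0, enabled=True):
        self.window_size = window_size  # value given as "window-size size-value"
        self.enabled = enabled          # replay protection on or off
        self.next_pn = 1                # highest accepted PN + 1
        self.lowest_pn = 1              # lowest PN that is still acceptable

    def accept(self, pn):
        """Return True if a frame carrying this PN passes the replay check."""
        if self.enabled and pn < self.lowest_pn:
            return False                # older than the window allows: drop
        if pn >= self.next_pn:
            # Frame advances the window; the lower edge slides up with it.
            self.next_pn = pn + 1
            self.lowest_pn = max(self.lowest_pn,
                                 self.next_pn - self.window_size)
        return True


def run(window_size, pns, enabled=True):
    """Feed PNs in arrival order through a fresh window; return verdicts."""
    rw = ReplayWindow(window_size, enabled)
    return [rw.accept(pn) for pn in pns]


# Constructed arrival order: PN 3 arrives late, PN 5 is repeated,
# PN 1 is replayed long after it was first received.
ARRIVALS = [1, 2, 4, 3, 5, 5, 9, 1]

if __name__ == "__main__":
    for size in (0, 2):
        verdicts = run(size, ARRIVALS)
        print(f"window-size {size}:", list(zip(ARRIVALS, verdicts)))
```

With a window of 0 the late and repeated frames are dropped; with a window of 2 they are accepted, and only the replay of PN 1, which lies far outside the window, is still rejected.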
Configuring the MACsec validation mode
MACsec validation allows a port to perform integrity checks in one of the following validation
modes:
• check—Performs validation only, and does not drop illegal frames.
• disabled—Does not perform validation.
• strict—Performs validation, and drops illegal frames.
In the current software version, only the strict mode is supported.
To configure the MACsec validation mode:
Step                                    Command                                           Remarks
1. Enter system view.                   system-view                                       N/A
2. Enter interface view.                interface interface-type interface-number         N/A
3. Set the MACsec validation mode.      { check | disabled | strict }                     In the current software version, only the strict mode is supported.
Configuring MACsec protection parameters by MKA policy
Configuring an MKA policy
Step                                    Command                                           Remarks
1. Enter system view.                   system-view                                       N/A
2. Create an MKA policy, and enter      mka policy policy-name                            By default, an MKA policy named default-policy exists.
   MKA policy view.