EasyManuals Logo

HPE FlexNetwork 5510 HI Series Macsec Configuration Guide

HPE FlexNetwork 5510 HI Series
27 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #10 background imageLoading...
Page #10 background image
8
ports. The port with the lowest SCI value (a combination of MAC address and port ID) becomes the
key server.
A port with priority 255 cannot become the key server. For a successful key server selection, make
sure a minimum of one participant's key server priority is not 255.
To configure the MKA key server priority:
Step Command Remarks
1. Enter system view.
system-view
N/A
2. Enter interface view.
interface
interface-type
interface-number
N/A
3. Set the MKA key server
priority.
mka priority
priority-value
The default setting is 0.
Configuring MACsec protection parameters in
interface view
If you configure a parameter in interface view after applying an MKA policy, the configuration in
interface view overwrites the configuration of the parameter in the MKA policy. Your configuration
also removes the MKA policy application from the port. However, other parameter settings of the
MKA policy are effective on the port.
If the parameter value in interface view is the same as the value in the MKA policy, your configuration
does not take effect. The policy remains active on the port.
Configuring the MACsec confidentiality offset
The MACsec confidentiality offset specifies the number of bytes starting from the frame header.
MACsec encrypts only the bytes after the offset in a frame.
MACsec uses the confidentiality offset propagated by the key server.
To configure the MACsec confidentiality offset:
Step Command Remarks
1. Enter system view.
system-view
N/A
2. Enter interface view.
interface
interface-type
interface-number
N/A
3. Set the MACsec
confidentiality offset.
macsec confidentiality-offset
offset-value
The default setting is 0, and the
entire frame needs to be
encrypted.
The offset value can be 0, 30, or
50.
Configuring MACsec replay protection
The MACsec replay protection feature allows a MACsec port to accept a number of out-of-order or
repeated inbound frames. The configured replay protection window size is effective only when
MACsec replay protection is enabled.
To configure MACsec replay protection:

Table of Contents

Other manuals for HPE FlexNetwork 5510 HI Series

Preview: Configuration Guide
Configuration Guide572 pages
Preview: Fundamentals Configuration Guide
Fundamentals Configuration Guide209 pages
Preview: Security Configuration Guide
Security Configuration Guide551 pages
Preview: Layer 3 - Ip Routing Configuration Guide
Layer 3 - Ip Routing Configuration Guide486 pages
Preview: Network Management And Monitoring Configuration Guide
Network Management And Monitoring Configuration Guide331 pages
Preview: Acl And Qos Configuration Guide
Acl And Qos Configuration Guide114 pages
Preview: Mpls Configuration Guide
Mpls Configuration Guide505 pages
Preview: Openflow Configuration Guide
Openflow Configuration Guide39 pages

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the HPE FlexNetwork 5510 HI Series and is the answer not in the manual?

HPE FlexNetwork 5510 HI Series Specifications

General IconGeneral
BrandHPE
ModelFlexNetwork 5510 HI Series
CategorySwitch
LanguageEnglish

Related product manuals