9
Step Command Remarks
1. Enter system view.
system-view
N/A
2. Enter interface view.
interface
interface-type
interface-number
N/A
3. Enable MACsec replay
protection.
macsec replay-protection
enable
By default, MACsec replay
protection is enabled on the port.
4. Set the MACsec replay
protection window size.
macsec replay-protection
window-size
size-value
The default setting is 0, and
frames are accepted only in the
correct order.
Configuring the MACsec validation mode
The MACsec validation allows a port to perform integrity check based on the following validation
modes:
• check—Performs validation only, and does not drop illegal frames.
• disabled—Does not perform validation.
• strict—Performs validation, and drops illegal frames.
In the current software version, only the strict mode is supported.
To configure the MACsec validation mode:
Step Command Remarks
1. Enter system view.
system-view
N/A
2. Enter interface view.
interface
interface-type
interface-number
N/A
3. Set a MACsec validation
mode.
macsec validation mode
{
check
|
disabled
|
strict
}
In the current software version,
only the
strict
mode is supported.
Configuring MACsec protection parameters by
MKA policy
Configuring an MKA policy
Step Command Remarks
1. Enter system view.
system-view
N/A
2. Create an MKA policy and
enter its view.
mka policy
policy-name
By default, a system-defined MKA
policy exists. The policy name is
default-policy.
The settings for parameters in the
default policy are the same as the
default settings for the parameters
on a port.
You cannot delete or modify the
default MKA policy.
To Next Page
Loading...
Need help?
General