EasyManuals Logo

HPE FlexNetwork 5510 HI Series Macsec Configuration Guide

HPE FlexNetwork 5510 HI Series
27 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #12 background imageLoading...
Page #12 background image
10
Step Command Remarks
You can create multiple MKA
policies.
3. (Optional.) Set the MACsec
confidentiality offset.
macsec confidentiality-offset
offset-value
The default setting is 0.
MACsec uses the confidentiality
offset propagated by the key
server.
4. (Optional.) Configure
MACsec replay protection.
a Enable MACsec replay
protection:
replay-protection enable
b Set the replay protection
window size:
replay-protection
window-size size-value
By default, MACsec replay
protection is enabled.
The default replay protection
window size is 0. Frames are
accepted only in the correct order.
5. Set a MACsec validation
mode.
macsec validation mode
{
check
|
disabled
|
strict
}
In the current software version,
only the
strict
mode is supported
Applying an MKA policy
MKA policy provides a centralized method to configure MACsec confidentiality offset, replay
protection, and validation mode. An MKA policy can be applied to a port or multiple ports. When you
apply an MKA policy to a port, follow these restrictions and guidelines:
The MACsec parameter settings configured in the MKA policy overwrite the MACsec
parameters previously configured on the port.
Any modifications to the MKA policy take effect immediately.
When you remove an MKA policy application from the port, the MACsec parameter settings on
the port restore to the default.
When you apply a nonexistent MKA policy to the port, the port automatically uses the default
MKA policy. If you create the policy, the policy will be automatically applied to the port.
To apply an MKA policy to a port:
Step Command Remarks
1. Enter system view.
system-view
N/A
2. Enter interface view.
interface
interface-type
interface-number
N/A
3. Apply an MKA policy.
mka apply policy
policy-name
By default, no MKA policy is
applied to the port.
Displaying and maintaining MACsec
Execute display commands in any view and reset commands in user view.
Task Command
Display MACsec information on ports.
display macsec
[
interface
interface-type
interface-number ] [
verbose
]
Display MKA session information.
display mka session
[
interface
interface-type
interface-number |
local-sci
sci-id ] [
verbose
]

Table of Contents

Other manuals for HPE FlexNetwork 5510 HI Series

Preview: Configuration Guide
Configuration Guide572 pages
Preview: Fundamentals Configuration Guide
Fundamentals Configuration Guide209 pages
Preview: Security Configuration Guide
Security Configuration Guide551 pages
Preview: Layer 3 - Ip Routing Configuration Guide
Layer 3 - Ip Routing Configuration Guide486 pages
Preview: Network Management And Monitoring Configuration Guide
Network Management And Monitoring Configuration Guide331 pages
Preview: Acl And Qos Configuration Guide
Acl And Qos Configuration Guide114 pages
Preview: Mpls Configuration Guide
Mpls Configuration Guide505 pages
Preview: Openflow Configuration Guide
Openflow Configuration Guide39 pages

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the HPE FlexNetwork 5510 HI Series and is the answer not in the manual?

HPE FlexNetwork 5510 HI Series Specifications

General IconGeneral
BrandHPE
ModelFlexNetwork 5510 HI Series
CategorySwitch
LanguageEnglish

Related product manuals