15
# Set the MACsec confidentiality offset to 30 bytes.
[DeviceB-GigabitEthernet1/0/1] macsec confidentiality-offset 30
# Enable MACsec replay protection.
[DeviceB-GigabitEthernet1/0/1] macsec replay-protection enable
# Set the MACsec replay protection window size to 100.
[DeviceB-GigabitEthernet1/0/1] macsec replay-protection window-size 100
# Set the MACsec validation mode to strict.
[DeviceB-GigabitEthernet1/0/1] macsec validation mode strict
# Enable MKA on GigabitEthernet 1/0/1.
[DeviceB-GigabitEthernet1/0/1] mka enable
[DeviceB-GigabitEthernet1/0/1] quit
Verifying the configuration
# Display MACsec information on GigabitEthernet 1/0/1 of Device A.
[DeviceA] display macsec interface gigabitethernet 1/0/1 verbose
Interface GigabitEthernet1/0/1
Protect frames : Yes
Replay protection : Enabled
Replay window size : 100 frames
Confidentiality offset : 30 bytes
Validation mode : Strict
Included SCI : No
SCI conflict : No
Cipher suite : GCM-AES-128
Transmit secure channel:
SCI : 00E00100000A0006
Elapsed time: 00h:05m:00s
Current SA : AN 0 PN 1
Receive secure channels:
SCI : 00E0020000000106
Elapsed time: 00h:03m:18s
Current SA : AN 0 LPN 1
Previous SA : AN N/A LPN N/A
# Display MKA session information on GigabitEthernet 1/0/1 of Device A.
[DeviceA] display mka session interface gigabitethernet 1/0/1 verbose
Interface GigabitEthernet1/0/1
Tx-SCI : 00E00100000A0006
Priority : 5
Capability: 3
CKN for participant: E9AC
Key server : Yes
MI (MN) : 85E004AF49934720AC5131D3 (182)
Live peers : 1
Potential peers : 0
Principal actor : Yes
MKA session status : Secured
Confidentiality offset: 30 bytes
Current SAK status : Rx & Tx
To Next Page
Loading...
Need help?
General