Configuring the MACsec validation mode

The MACsec validation allows a port to perform integrity check based on the following validation modes:

check—Performs validation only, and does not drop illegal frames.
strict—Performs validation, and drops illegal frames.

To avoid data loss, use the default validation mode check on the MACsec devices in case of MKA negotiation failure. After you use the display macsec command to verify that MKA negotiation has succeeded, change the validation mode to strict.

To configure the MACsec validation mode:

Step	Command	Remarks
1. Enter system view.	system-view	N/A
2. Enter interface view.	interface interface-type interface-number	N/A
3. Set a MACsec validation mode.	macsec validation mode { check \| strict }	The default setting is check. If you execute this command multiple times, the most recent configuration takes effect.

Step

Command

Remarks

1. Enter system view.

system-view

N/A

2. Enter interface view.

interface interface-type interface-number

N/A

3. Set a MACsec validation mode.

macsec validation mode { check | strict }

The default setting is check.

If you execute this command multiple times, the most recent configuration takes effect.

prev	up	next
Configuring MACsec replay protection	home	Configuring MACsec protection parameters by MKA policy