Configuring the MACsec validation mode
The MACsec validation allows a port to perform integrity check based on the following validation modes:
check—Performs validation only, and does not drop illegal frames.
strict—Performs validation, and drops illegal frames.
To avoid data loss, use the default validation mode check on the MACsec devices in case of MKA negotiation failure. After you use the display macsec command to verify that MKA negotiation has succeeded, change the validation mode to strict.
To configure the MACsec validation mode:
Step | Command | Remarks |
---|---|---|
1. Enter system view. | system-view | N/A |
2. Enter interface view. | interface interface-type interface-number | N/A |
3. Set a MACsec validation mode. | macsec validation mode { check | strict } | The default setting is check. If you execute this command multiple times, the most recent configuration takes effect. |