Configuring an MKA policy
Step | Command | Remarks |
---|---|---|
1. Enter system view. | system-view | N/A |
2. Create an MKA policy and enter its view. | mka policy policy-name | By default, a system-defined MKA policy exists. The policy name is default-policy. The settings for parameters in the default policy are the same as the default settings for the parameters on a port. You cannot delete or modify the default MKA policy. You can create multiple MKA policies. |
3. (Optional.) Set the MACsec confidentiality offset. | macsec confidentiality-offset offset-value | The default setting is 0. MACsec uses the confidentiality offset propagated by the key server. |
4. (Optional.) Configure MACsec replay protection. | • Enable MACsec replay protection: replay-protection enable<br>• Set the replay protection window size: replay-protection window-size size-value | By default, MACsec replay protection is enabled. The default replay protection window size is 0, which means frames are accepted only in the correct order. |
5. Set a MACsec validation mode. | macsec validation mode { check \| strict } | The default setting is check. |
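
The following added example (not part of the original guide and not device code) is a simplified model of the IEEE 802.1AE receive-side replay check. It shows how the replay protection window size in step 4 changes which frames are accepted. The names ReplayWindow, run, and ARRIVALS are hypothetical, and the arrival sequence is constructed.

```python
# Simplified model of the IEEE 802.1AE replay check on the receiving port.
# Assumption: a frame is rejected only when its packet number (PN) is below
# the lowest acceptable PN (next expected PN minus the window size).

class ReplayWindow:
    def __init__(self, window_size=0, enabled=True):
        self.window_size = window_size   # replay-protection window-size
        self.enabled = enabled           # replay-protection enable
        self.next_pn = 1                 # next expected packet number

    def accept(self, pn):
        """Return True if a frame with packet number pn passes the check."""
        if self.enabled:
            lowest_pn = max(self.next_pn - self.window_size, 1)
            if pn < lowest_pn:
                return False             # older than the window allows
        if pn >= self.next_pn:
            self.next_pn = pn + 1        # advance past the highest PN seen
        return True


def run(window_size, arrivals):
    """Return the packet numbers accepted for a given window size."""
    rw = ReplayWindow(window_size)
    return [pn for pn in arrivals if rw.accept(pn)]


# Constructed arrival order: frame 3 is delayed behind frames 4 and 5,
# and a copy of frame 2 is replayed at the end.
ARRIVALS = [1, 2, 4, 5, 3, 6, 2]

if __name__ == "__main__":
    for size in (0, 3, 5):
        print(f"window-size {size}: accepted {run(size, ARRIVALS)}")
```

With window size 0 the delayed frame 3 is dropped. Window size 3 tolerates the reordering, while window size 5 is wide enough that the replayed copy of frame 2 also passes this check, so set the window no larger than the reordering the link actually produces.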