Configuring an MKA policy

| Step | Command | Remarks |
|---|---|---|
| 1. Enter system view. | `system-view` | N/A |
| 2. Create an MKA policy and enter its view. | `mka policy policy-name` | By default, a system-defined MKA policy exists. The policy name is default-policy. The settings for parameters in the default policy are the same as the default settings for the parameters on a port. You cannot delete or modify the default MKA policy. You can create multiple MKA policies. |
| 3. (Optional.) Set the MACsec confidentiality offset. | `macsec confidentiality-offset offset-value` | The default setting is 0. MACsec uses the confidentiality offset propagated by the key server. |
| 4. (Optional.) Configure MACsec replay protection. | Enable MACsec replay protection: `replay-protection enable`. Set the replay protection window size: `replay-protection window-size size-value`. | By default, MACsec replay protection is enabled. The default replay protection window size is 0. Frames are accepted only in the correct order. |
| 5. Set a MACsec validation mode. | `macsec validation mode { check \| strict }` | The default setting is check. |
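
The effect of the replay protection window size in step 4, shown as an added example that is not part of the original page or the device's software: a simplified Python model of the receive-side check that IEEE 802.1AE defines for MACsec, where a frame is dropped if its packet number (PN) is below the next expected PN minus the window size. The function names and the arrival sequence are constructed for illustration, and every frame is assumed to pass integrity validation.

```python
# Added illustration: simplified model of the MACsec receive-side replay check.
# lowest acceptable PN = next expected PN - replay window size.
# Assumption: every frame passes integrity validation; this is not device code.

def replay_filter(pns, window_size, replay_protection=True):
    """Return [(pn, accepted)] for packet numbers given in arrival order."""
    next_pn = 1  # packet numbers start at 1 on a new secure association
    results = []
    for pn in pns:
        lowest_ok = max(next_pn - window_size, 1)
        accepted = (not replay_protection) or pn >= lowest_ok
        if accepted and pn >= next_pn:
            next_pn = pn + 1  # only an accepted frame advances the expected PN
        results.append((pn, accepted))
    return results


def accepted_pns(pns, window_size, replay_protection=True):
    """Return only the packet numbers that the replay check lets through."""
    return [pn for pn, ok in replay_filter(pns, window_size, replay_protection) if ok]


# Constructed arrival order: frame 3 arrives after frame 4 (reordered),
# and frame 2 shows up again at the end (late replay).
ARRIVALS = [1, 2, 4, 3, 5, 2]

if __name__ == "__main__":
    for size in (0, 2):
        print(f"window-size {size}: accepted {accepted_pns(ARRIVALS, size)}")
    print("replay protection off:", accepted_pns(ARRIVALS, 0, replay_protection=False))
```

With the default window size of 0 the reordered frame 3 is dropped along with the replayed frame 2; a window size of 2 tolerates the reordering while still rejecting the late replay.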