macsec confidentiality-offset
Use macsec confidentiality-offset to set the MACsec confidentiality offset on a port.
Use undo macsec confidentiality-offset to restore the default.
Syntax
macsec confidentiality-offset offset-value
undo macsec confidentiality-offset
Default
The MACsec confidentiality offset on the port is 0. The entire frame is encrypted.
Views
Ethernet interface view
Predefined user roles
network-admin
mdc-admin
Parameters
offset-value: Specifies the confidentiality offset in bytes. The value can be 0, 30 or 50.
Usage guidelines
The MACsec confidentiality offset specifies the number of bytes starting from the frame header. MACsec encrypts only the bytes after the offset in a frame.
If you execute this command on a port to which an MKA policy has been applied, the configuration overwrites the confidentiality offset in the MKA policy. The MKA policy application is removed from the port. However, other settings (settings for parameters except the confidentiality offset) of the MKA policy are effective on the port.
MACsec uses the MACsec confidentiality offset propagated by the key server.
Examples
# Set the MACsec confidentiality offset to 30 bytes on Ten-GigabitEthernet 4/1/1.
<Sysname> system-view [Sysname] interface ten-gigabitethernet 4/1/1 [Sysname-Ten-GigabitEthernet4/1/1] macsec confidentiality-offset 30
Related commands
confidentiality-offset
display macsec
display mka session
mka apply policy