[x]

MACsec commands > macsec confidentiality-offset

 

 Next

macsec confidentiality-offset

Use macsec confidentiality-offset to set the MACsec confidentiality offset on a port.

Use undo macsec confidentiality-offset to restore the default.

Syntax

macsec confidentiality-offset offset-value

undo macsec confidentiality-offset

Default

The MACsec confidentiality offset on the port is 0. The entire frame is encrypted.

Views

Ethernet interface view

Predefined user roles

network-admin

mdc-admin

Parameters

offset-value: Specifies the confidentiality offset in bytes. The value can be 0, 30 or 50.

Usage guidelines

The MACsec confidentiality offset specifies the number of bytes starting from the frame header. MACsec encrypts only the bytes after the offset in a frame.

If you execute this command on a port to which an MKA policy has been applied, the configuration overwrites the confidentiality offset in the MKA policy. The MKA policy application is removed from the port. However, other settings (settings for parameters except the confidentiality offset) of the MKA policy are effective on the port.

MACsec uses the MACsec confidentiality offset propagated by the key server.

Examples

# Set the MACsec confidentiality offset to 30 bytes on Ten-GigabitEthernet 4/1/1.

<Sysname> system-view
[Sysname] interface ten-gigabitethernet 4/1/1
[Sysname-Ten-GigabitEthernet4/1/1] macsec confidentiality-offset 30

Related commands

confidentiality-offset

display macsec

display mka session

mka apply policy

prev

 

up

 next

display mka statistics 

home

 macsec desire

© Copyright 2018 Hewlett Packard Enterprise Development LP