macsec replay-protection enable

Use macsec replay-protection enable to enable MACsec replay protection on a port.

Use undo macsec replay-protection enable to disable MACsec replay protection on a port.

Syntax

macsec replay-protection enable

undo macsec replay-protection enable

Default

MACsec replay protection is enabled on the port.

Views

Ethernet interface view

Predefined user roles

network-admin

mdc-admin

Usage guidelines

This feature allows a MACsec port to accept a number of out-of-order or repeated inbound frames.

If you execute this command on a port to which an MKA policy has been applied, the configuration overwrites the MACsec replay protection configuration in the MKA policy. The MKA policy application is removed from the port. However, other settings (settings for parameters except MACsec replay protection) of the MKA policy are effective on the port.

Examples

# Enable MACsec replay protection on Ten-GigabitEthernet 4/1/1.

<Sysname> system-view
[Sysname] interface ten-gigabitethernet 4/1/1
[Sysname-Ten-GigabitEthernet4/1/1] macsec replay-protection enable

Related commands

display macsec

macsec replay-protection window-size

mka apply policy

replay-protection enable