macsec replay-protection window-size
Use macsec replay-protection window-size to set the MACsec replay protection window size on a port.
Use undo macsec replay-protection window-size to restore the default.
Syntax
macsec replay-protection window-size size-value
undo macsec replay-protection window-size
Default
The MACsec replay protection window size is 0 on a port. The device accepts only frames that arrive in the correct order. Out-of-order or duplicated frames will be dropped.
Views
Ethernet interface view
Predefined user roles
network-admin
mdc-admin
Parameters
size-value: Specifies the replay protection window size, in the range of 0 to 4294967295 frames.
Usage guidelines
To allow a MACsec port to accept a number of out-of-order frames, enable replay protection and specify a replay protection window size on the port.
Suppose the replay protection window size is a on a port. After the port receives a packet with packet number (PN) x, it can accept only packets whose PN is greater than or equal to x-a.
The replay protection window size takes effect only when the replay protection feature is enabled on the port.
Set a replay protection window size based on the forwarding path of frames. If the frames might be forwarded multiple times, set a large replay protection window size.
If you execute this command on a port to which an MKA policy has been applied, the configuration overwrites the replay protection window size in the MKA policy. The MKA policy application is removed from the port. However, other settings (settings for parameters except the replay protection window size) of the MKA policy are effective on the port.
Examples
# Set the MACsec replay protection window size to 100 on Ten-GigabitEthernet 4/1/1.
<Sysname> system-view [Sysname] interface ten-gigabitethernet 4/1/1 [Sysname-Ten-GigabitEthernet4/1/1] macsec replay-protection window-size 100
Related commands
display macsec
macsec replay-protection enable
mka apply policy
replay-protection window-size