mka apply policy
Use mka apply policy to apply an MKA policy to a port.
Use undo mka apply policy to remove the MKA policy from a port.
Syntax
mka apply policy policy-name
undo mka apply policy
Default
No MKA policy is applied to the port.
Views
Ethernet interface view
Predefined user roles
network-admin
mdc-admin
Parameters
policy-name: Specifies the name of an MKA policy, a case-sensitive string of 1 to 16 characters.
Usage guidelines
An MKA policy defines MACsec parameters, including confidentiality offset, validation mode, replay protection, and replay protection window size.
When you apply an MKA policy to a port, the MACsec parameter settings in the policy overwrite the MACsec parameters previously configured on the port. Any modifications to the MKA policy take effect immediately.
When you remove the MKA policy from a port, the MACsec parameter settings on the port restore to the default.
When you delete an MKA policy, ports that use the policy automatically use the system-defined MKA policy default-policy.
When you apply a nonexistent MKA policy to a port, the port automatically uses the system-defined MKA policy default-policy. After you create the specified policy, the policy will be automatically applied to the port.
Examples
# Apply MKA policy abcd to Ten-GigabitEthernet 4/1/1.
<Sysname> system-view [Sysname] interface ten-gigabitethernet 4/1/1 [Sysname-Ten-GigabitEthernet4/1/1] mka apply policy abcd
Related commands
confidentiality-offset
display mka policy
replay-protection enable
replay-protection window-size
validation mode