replay-protection window-size

Use replay-protection window-size to set the MACsec replay protection window size in an MKA policy.

Use undo replay-protection window-size to restore the default.

Syntax

replay-protection window-size size-value

undo replay-protection window-size

Default

The MACsec replay protection window size in an MKA policy is 0. The device accepts only frames that arrive in the correct order. Out-of-order or duplicated frames will be dropped.

Views

MKA policy view

Predefined user roles

network-admin

mdc-admin

Parameters

size-value: Specifies the replay protection window size, in the range of 0 to 4294967295 frames.

Usage guidelines

The MACsec replay protection window size allows a MACsec port to accept a number of out-of-order inbound frames.

Suppose the replay protection window size on a port is a. After the port receives a packet with packet number (PN) x, it can accept only packets whose PN is greater than or equal to x - a.

The replay protection window size takes effect only when the replay protection feature is enabled on the port.

Set a replay protection window size based on the forwarding path of frames. If the frames might be forwarded multiple times, set a large replay protection window size.

When an MKA policy is applied to a port, the replay protection window size in the policy overwrites the window size already configured on the port.
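The following Python model is an added example, not code from the device or its vendor. It applies the acceptance rule described above to a constructed arrival trace and computes the smallest window that would drop none of its frames, which is one way to size the window for a forwarding path that reorders frames. Assumptions: x is taken to be the highest PN accepted so far, a window of 0 is modeled as strict ordering per the Default section, and the function names are hypothetical.

```python
# Added illustration, not device code. Function names are hypothetical.
MAX_WINDOW = 4294967295  # upper bound of size-value on this page

def replay_filter(pns, window):
    """Return [(pn, accepted)] for PNs in arrival order.

    window == 0: only a PN above the highest accepted PN passes
                 (Default section: in-order frames only).
    window  > 0: a PN passes if pn >= x - window, where x is the
                 highest accepted PN (Usage guidelines rule).
    """
    if not 0 <= window <= MAX_WINDOW:
        raise ValueError("window outside 0..4294967295")
    highest = None
    decisions = []
    for pn in pns:
        if highest is None:
            ok = True
        elif window == 0:
            ok = pn > highest
        else:
            ok = pn >= highest - window
        if ok and (highest is None or pn > highest):
            highest = pn
        decisions.append((pn, ok))
    return decisions

def min_window_for(pns):
    """Smallest window that drops nothing from a trace of distinct PNs."""
    if not pns:
        return 0
    highest, worst_lag = pns[0], 0
    for pn in pns[1:]:
        worst_lag = max(worst_lag, highest - pn)  # how far pn trails x
        highest = max(highest, pn)
    return worst_lag

# Constructed arrival order: PNs arrive up to 3 behind the highest PN seen.
TRACE = [1, 2, 5, 3, 4, 9, 6, 7, 8, 10]

if __name__ == "__main__":
    for w in (0, 2, min_window_for(TRACE)):
        dropped = [pn for pn, ok in replay_filter(TRACE, w) if not ok]
        print(f"window {w}: dropped {dropped}")
    # A frame far behind the window is still rejected.
    print(replay_filter(TRACE + [1], 3)[-1])
```

The model checks only the lower bound stated on this page. Keeping the window no larger than the measured reordering keeps the range of old PNs that pass this check as narrow as the path allows.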

Examples

# Set the MACsec replay protection window size to 100 in MKA policy abcd.

<Sysname> system-view
[Sysname] mka policy abcd
[Sysname-mka-policy-abcd] replay-protection window-size 100

Related commands

macsec replay-protection window-size

macsec replay-protection enable

mka apply policy