replay-protection window-size
Use replay-protection window-size to set the MACsec replay protection window size in an MKA policy.
Use undo replay-protection window-size to restore the default.
Syntax
replay-protection window-size size-value
undo replay-protection window-size
Default
The MACsec replay protection window size in an MKA policy is 0. The device accepts only frames that arrive in the correct order. Out-of-order or duplicated frames will be dropped.
Views
MKA policy view
Predefined user roles
network-admin
mdc-admin
Parameters
size-value: Specifies the replay protection window size, in the range of 0 to 4294967295 frames.
Usage guidelines
The MACsec replay protection window size allows a MACsec port to accept a number of out-of-order inbound frames.
Suppose the replay protection window size is a on a port. After the port receives a packet with PN x, it can accept only packets whose PN is greater than or equal to x-a.
The replay protection window size takes effect only when the replay protection feature is enabled on the port.
Set a replay protection window size based on the forwarding path of frames. If the frames might be forwarded multiple times, set a large replay protection window size.
When an MKA policy is applied to a port, the replay protection window size in the policy overwrites the window size already configured on the port.
Examples
# Set the MACsec replay protection window size to 100 in MKA policy abcd.
<Sysname> system-view [Sysname] mka policy abcd [Sysname-mka-policy-abcd] replay-protection window-size 100
Related commands
macsec replay-protection window-size
macsec replay-protection enable
mka apply policy