validation mode
Use validation mode to set a MACsec validation mode in an MKA policy.
Use undo validation mode to restore the default.
Syntax
validation mode { check | strict }
undo validation mode
Default
The MACsec validation mode is check. The device performs validation only and does not drop illegal frames.
Views
MKA policy view
Predefined user roles
network-admin
mdc-admin
Parameters
check: Performs validation only and does not drop illegal frames.
strict: Performs validation and drops illegal frames.
Usage guidelines
To avoid data loss, use the default validation mode check on the MACsec devices in case of MKA negotiation failure. After you use the display macsec command to verify that MKA negotiation has succeeded, change the validation mode to strict.
When an MKA policy is applied to a port, the MACsec validation mode in the policy overwrites the MACsec validation mode already configured on the port.
Examples
# Set the MACsec validation mode to strict in MKA policy abcd.
<Sysname> system-view [Sysname] mka policy abcd [Sysname-mka-policy-abcd] validation mode strict
Related commands
macsec validation mode
mka apply policy