validation mode

Use validation mode to set a MACsec validation mode in an MKA policy.

Use undo validation mode to restore the default.

Syntax

validation mode { check | strict }

undo validation mode

Default

The MACsec validation mode is check. The device performs validation only and does not drop illegal frames.

Views

MKA policy view

Predefined user roles

network-admin

mdc-admin

Parameters

check: Performs validation only and does not drop illegal frames.

strict: Performs validation and drops illegal frames.

Usage guidelines

To avoid data loss if MKA negotiation fails, initially use the default validation mode check on the MACsec devices. After you use the display macsec command to verify that MKA negotiation has succeeded, change the validation mode to strict.

When an MKA policy is applied to a port, the MACsec validation mode in the policy overwrites the MACsec validation mode already configured on the port.

Examples

# Set the MACsec validation mode to strict in MKA policy abcd.

<Sysname> system-view
[Sysname] mka policy abcd
[Sysname-mka-policy-abcd] validation mode strict
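
The following Python check is an added example, not part of the original command reference or any vendor tooling. It reads a saved configuration and reports which validation mode each port ends up with under the overwrite rule in the usage guidelines. Assumptions: the configuration text is constructed, sections are separated by # lines, the interface-view macsec validation mode command takes the same check and strict keywords, and each policy was applied after any port-level setting.

```python
import re
# Constructed running-config excerpt; interface names and policy "legacy" are made up.
SAMPLE_CONFIG = """\
#
mka policy abcd
 validation mode strict
#
mka policy legacy
#
interface GigabitEthernet1/0/1
 macsec validation mode check
 mka apply policy abcd
#
interface GigabitEthernet1/0/2
 macsec validation mode strict
 mka apply policy legacy
#
interface GigabitEthernet1/0/3
 macsec validation mode strict
#
"""

DEFAULT_MODE = "check"  # policy default stated in this command reference

def _last(pattern, body):  # group 1 of the last matching line, else None
    hits = [m.group(1) for line in body if (m := re.fullmatch(pattern, line))]
    return hits[-1] if hits else None

def audit(config):
    """Map each MACsec port to (validation mode, where that mode comes from)."""
    policies, ports = {}, {}
    for chunk in re.split(r"(?m)^#[ \t]*$", config):
        lines = [line.strip() for line in chunk.splitlines() if line.strip()]
        header, body = (lines or [""])[0], lines[1:]
        if header.startswith("mka policy "):
            mode = _last(r"validation mode (check|strict)", body)
            policies[header.split()[2]] = mode or DEFAULT_MODE
        elif header.startswith("interface "):
            ports[header.split()[1]] = (_last(r"macsec validation mode (check|strict)", body),
                                        _last(r"mka apply policy (\S+)", body))
    result = {}
    for port, (port_mode, policy) in ports.items():
        if policy:  # assumption: policy applied after the port-level command
            result[port] = (policies.get(policy, DEFAULT_MODE), "policy " + policy)
        elif port_mode:
            result[port] = (port_mode, "port")
    return result

def non_strict(config):  # ports that validate but do not drop illegal frames
    return sorted(p for p, (mode, _) in audit(config).items() if mode != "strict")
```

On the sample, GigabitEthernet1/0/2 is reported as non-strict even though strict is set on the port, because the applied policy legacy carries the default check. Confirm any finding with display macsec on the device before changing the mode.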

Related commands

macsec validation mode

mka apply policy