Table of Contents
Advertisement
Examples
# Clear MKA statistics on GigabitEthernet 1/0/1.
<Sysname> reset mka statistics interface gigabitethernet 1/0/1
Related commands
display mka statistics
validation mode
Use validation mode to set a MACsec validation mode in an MKA policy.
Use undo validation mode to restore the default.
Syntax
validation mode { check | strict }
undo validation mode
Default
The MACsec validation mode is check. The device performs validation only and does not drop illegal
frames.
Views
MKA policy view
Predefined user roles
network-admin
mdc-admin
Parameters
check: Performs validation only and does not drop illegal frames.
strict: Performs validation and drops illegal frames.
Usage guidelines
To avoid data loss, use the default validation mode check on the MACsec devices in case of MKA
negotiation failure. After you use the display macsec command to verify that MKA negotiation has
succeeded, change the validation mode to strict.
When an MKA policy is applied to a port, the MACsec validation mode in the policy overwrites the
MACsec validation mode already configured on the port.
Examples
# Set the MACsec validation mode to strict in MKA policy abcd.
<Sysname> system-view
[Sysname] mka policy abcd
[Sysname-mka-policy-abcd] validation mode strict
Related commands
macsec validation mode
mka apply policy
688
Advertisement
Table of Contents
