Enabling MACsec desire ································································································································ 494
Configuring a preshared key ·························································································································· 495
Configuring an MKA policy ····················································································································· 497
Applying an MKA policy ························································································································· 498
Network requirements ···························································································································· 498
Configuration procedure ························································································································· 499
Verifying the configuration ······················································································································ 500
Troubleshooting MACsec ······························································································································· 502
Configuring MFF ························································································· 503
Overview ························································································································································ 503
Basic concepts ······································································································································· 504
MFF operation modes ···························································································································· 504
MFF working mechanism ······················································································································· 505
Protocols and standards ························································································································ 505
Configuring MFF ············································································································································ 505
Enabling MFF ········································································································································· 505
Configuring a network port ····················································································································· 506
Displaying and maintaining MFF ···················································································································· 507
MFF configuration examples ·························································································································· 507
Overview ························································································································································ 514
About ND attack detection ····················································································································· 515
Configuration guidelines ························································································································· 515
Configuration procedure ························································································································· 516
Configuring RA guard ···································································································································· 516
About RA guard ······································································································································ 516
RA guard configuration example ···················································································································· 518
Network requirements ···························································································································· 518
Configuration procedure ························································································································· 519
Verifying the configuration ······················································································································ 520
Configuring keychains ················································································· 521
Overview ························································································································································ 521
Configuration procedure ································································································································ 521
Keychain configuration example ···················································································································· 522
Network requirements ···························································································································· 522
Configuration procedure ························································································································· 522
xi