Applying an MKA policy
MKA policy provides a centralized method to configure MACsec confidentiality offset, replay
protection, and validation mode. An MKA policy can be applied to a port or multiple ports. When you
apply an MKA policy to a port, follow these restrictions and guidelines:
•
The MACsec parameter settings configured in the MKA policy overwrite the MACsec
parameters previously configured on the port.
•
Any modifications to the MKA policy take effect immediately.
•
When you remove an MKA policy application from the port, the MACsec parameter settings on
the port restore to the default.
•
When you apply a nonexistent MKA policy to the port, the port automatically uses the default
MKA policy. If you create the policy, the policy will be automatically applied to the port.
To apply an MKA policy to a port:
Step
1.
Enter system view.
2.
Enter interface view.
3.
Apply an MKA policy.
Displaying and maintaining MACsec
Execute display commands in any view and reset commands in user view.
Task
Display MACsec information on ports.
Display MKA session information.
Display MKA policy information.
Display MKA statistics on ports.
Reset MKA sessions on ports.
Clear MKA statistics on ports.
Device-oriented MACsec configuration example
Network requirements
As shown in
Command
system-view
interface interface-type
interface-number
mka apply policy policy-name
Figure
146, Device A is the MACsec key server.
Command
display macsec [ interface interface-type
interface-number ] [ verbose ]
display mka session [ interface interface-type
interface-number | local-sci sci-id ] [ verbose ]
display mka { default-policy | policy [ name
policy-name ] }
display mka statistics [ interface interface-type
interface-number ]
reset mka session [ interface interface-type
interface-number ]
reset mka statistics [ interface interface-type
interface-number ]
498
Remarks
N/A
N/A
By default, no MKA policy is
applied to the port.