Configuring The Macsec Validation Mode; Configuring Macsec Protection Parameters By Mka Policy; Configuring An Mka Policy - HPE FlexNetwork 7500 Series Security Configuration Manual

To configure MACsec replay protection:
Step
1. Enter system view.
2. Enter interface view.
3. Enable MACsec replay
protection.
4. Set the MACsec replay
protection window size.

Configuring the MACsec validation mode

The MACsec validation allows a port to perform integrity check based on the following validation
modes:
•
check—Performs validation only, and does not drop illegal frames.
•
strict—Performs validation, and drops illegal frames.
To avoid data loss, use the default validation mode check on the MACsec devices in case of MKA
negotiation failure. After you use the display macsec command to verify that MKA negotiation has
succeeded, change the validation mode to strict.
To configure the MACsec validation mode:
Step
1. Enter system view.
2. Enter interface view.
3. Set a MACsec validation
mode.
Configuring MACsec protection parameters by
MKA policy

Configuring an MKA policy

Step
1. Enter system view.
2. Create an MKA policy and
enter its view.
Command
system-view
interface interface-type
interface-number
macsec replay-protection
enable
macsec replay-protection
window-size size-value
Command
system-view
interface interface-type
interface-number
macsec validation mode
{ check | strict }
Command
system-view
mka policy policy-name
483
Remarks
N/A
N/A
By default, MACsec replay
protection is enabled on the port.
The default setting is 0, and
frames are accepted only in the
correct order.
Remarks
N/A
N/A
The default setting is check.
If you execute this command
multiple times, the most recent
configuration takes effect.
Remarks
N/A
By default, a system-defined MKA
policy exists. The policy name is
default-policy.
The settings for parameters in the
default policy are the same as the
default settings for the parameters
on a port.