Macsec Configuration Examples; Client-Oriented Macsec Configuration Example (Host As Client) - HPE FlexNetwork 7500 Series Security Configuration Manual
Hide thumbs
Also See for FlexNetwork 7500 Series:
- Security configuration manual (506 pages) ,
- Command reference manual (474 pages) ,
- Network management and monitoring command reference (430 pages)
Table of Contents
Advertisement
Task
Display MKA policy information.
Display MKA statistics on ports.
Reset MKA sessions on ports.
Clear MKA statistics on ports.
MACsec configuration examples
Client-oriented MACsec configuration example (host as
client)
Network requirements
As shown in
performs RADIUS-based 802.1X authentication for the host to control user access to the Internet.
To ensure secure communication between the host and device, perform the following tasks on the
device:
•
Enable MACsec desire, and configure MKA to negotiate SAKs for packet encryption.
•
Set the MACsec confidentiality offset to 30 bytes.
•
Enable MACsec replay protection, and set the replay protection window size to 100.
•
Set the MACsec validation mode to strict.
Figure 148 Network diagram
Host
192.168.1.2/24
Configuration procedure
1.
Configure the RADIUS server to provide authentication, authorization, and accounting services.
Add a user account for the host. (Details not shown.)
2.
Configure IP addresses for the Ethernet ports. (Details not shown.)
3.
Configure AAA:
# Enter system view.
<Device> system-view
Figure
148, the host accesses the network through GigabitEthernet 1/0/1. The device
GE1/0/2
10.1.1.10/24
GE1/0/1
192.168.1.1/24
Device
Command
interface-number | local-sci sci-id ] [ verbose ]
display mka { default-policy | policy [ name
policy-name ] }
display mka statistics [ interface interface-type
interface-number ]
reset mka session [ interface interface-type
interface-number ]
reset mka statistics [ interface interface-type
interface-number ]
RADIUS server
10.1.1.1/24
Internet
485
Advertisement
Table of Contents
Troubleshooting
