Device-Oriented Macsec Configuration Example - HPE FlexNetwork 7500 Series Security Configuration Manual


        Current SAK KI (KN)   : A1E0D2897596817209CD230700000002 (2)
        Previous SAK status   : N/A
        Previous SAK AN       : N/A
        Previous SAK KI (KN)  : N/A
        Live peer list:
        MI                        MN    Priority  Capability  Rx-SCI
        B2CAF896C9BFE2ABFB135E63  2512  0         3           00E0020000000106

# Display MKA session information on GigabitEthernet 1/0/3 after 802.1X client user bbbb comes online.
[Switch] display mka session interface gigabitethernet 1/0/3 verbose
Interface GigabitEthernet1/0/3
    Tx-SCI    : A087100801000103
    Priority  : 0
    Capability: 3
      CKN for participant: 7B8784F16F85ED8F9D0130AA9B93D0F0
        Key server            : No
        MI (MN)               : D3F6D374598C8FD1F1819D6C (78)
        Live peers            : 1
        Potential peers       : 0
        Principal actor       : Yes
        MKA session status    : Secured
        Confidentiality offset: 0 bytes
        Current SAK status    : Rx & Tx
        Current SAK AN        : 0
        Current SAK KI (KN)   : FCA71854FCAE51398EC2DA7900000001 (1)
        Previous SAK status   : N/A
        Previous SAK AN       : N/A
        Previous SAK KI (KN)  : N/A
        Live peer list:
        MI                        MN    Priority  Capability  Rx-SCI
        FCA71854FCAE51398EC2DA79  71    0         3           A0872B3602000003

Device-oriented MACsec configuration example

Network requirements
As shown in Figure 150, Device A is the MACsec key server.
To secure data transmission between the two devices by MACsec, perform the following tasks on Device A and Device B, respectively:
Set the MACsec confidentiality offset to 30 bytes.
Enable MACsec replay protection, and set the replay protection window size to 100.
Set the MACsec validation mode to strict.
Configure the CAK name (CKN) and the CAK as E9AC and 09DB3EF1, respectively.

Figure 150 Network diagram
[Diagram labels: Device A GE1/0/1, Device B GE1/0/1]
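
A post-configuration check, as an added example that is not from the HPE manual: it parses `display mka session ... verbose` output in the label/value form shown earlier on this page and reports when the session is not Secured, when the confidentiality offset differs from the required value (30 bytes in this example), or when the current SAK's KI does not begin with the MI of this device or a live peer. The function names and the sample's column layout are assumptions; the sample values are those of the GigabitEthernet 1/0/3 session above.

```python
import re

# Sample: the GigabitEthernet 1/0/3 session values from this page, laid out as
# "label : value" lines (the exact column layout is an assumption).
SAMPLE = """\
Interface GigabitEthernet1/0/3
  CKN for participant: 7B8784F16F85ED8F9D0130AA9B93D0F0
    Key server            : No
    MI (MN)               : D3F6D374598C8FD1F1819D6C (78)
    Live peers            : 1
    MKA session status    : Secured
    Confidentiality offset: 0 bytes
    Current SAK status    : Rx & Tx
    Current SAK KI (KN)   : FCA71854FCAE51398EC2DA7900000001 (1)
    Live peer list:
    MI                        MN   Priority  Capability  Rx-SCI
    FCA71854FCAE51398EC2DA79  71   0         3           A0872B3602000003
"""

def parse_session(text):
    """Return (fields, peers): 'label : value' pairs and live-peer MIs."""
    fields, peers = {}, []
    for line in text.splitlines():
        row = re.match(r"\s*([0-9A-F]{24})\s+\d+\s", line)   # live-peer table row
        kv = re.match(r"\s*([^:]+?)\s*:\s*(\S.*)$", line)    # "label : value"
        if row:
            peers.append(row.group(1))
        elif kv:
            fields[kv.group(1)] = kv.group(2).strip()
    return fields, peers

def audit(text, expected_offset):
    """Return a list of findings; an empty list means the session passes."""
    f, peers = parse_session(text)
    findings = []
    if f.get("MKA session status") != "Secured":
        findings.append("session is not Secured")
    offset = int(f.get("Confidentiality offset", "-1").split()[0])
    if offset != expected_offset:
        findings.append(f"confidentiality offset {offset}, expected {expected_offset}")
    # IEEE 802.1X: a SAK's KI is the key server's 96-bit MI followed by the KN,
    # so its first 24 hex digits must name this device or one of its live peers.
    issuer = f.get("Current SAK KI (KN)", "N/A").split()[0][:24]
    local_mi = f.get("MI (MN)", "N/A").split()[0]
    if issuer not in ([local_mi] if f.get("Key server") == "Yes" else peers):
        findings.append(f"SAK issuer {issuer} is not a valid key server for this session")
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE, expected_offset=30))
```

Run against the 802.1X session sample with `expected_offset=30`, the check reports the offset mismatch, since that session uses an offset of 0 bytes.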
