Macsec Configuration Examples; Client-Oriented Macsec Configuration Example - HPE FlexNetwork 5510 HI Series Macsec Configuration Manual
Hide thumbs
Also See for FlexNetwork 5510 HI Series:
- Configuration manual (572 pages) ,
- Security configuration manual (551 pages) ,
- Mpls configuration manual (505 pages)
Table of Contents
Advertisement
Task
Display MKA policy information.
Display MKA statistics on ports.
Reset MKA sessions on ports.
Clear MKA statistics on ports.
MACsec configuration examples
Client-oriented MACsec configuration example
Network requirements
As shown in
performs RADIUS-based 802.1X authentication for the host to control user access to the Internet.
To ensure secure communication between the host and device, perform the following tasks on the
device:
•
Enable MACsec desire, and configure MKA to negotiate SAKs for packet encryption.
•
Set the MACsec confidentiality offset to 30 bytes.
•
Enable MACsec replay protection, and set the replay protection window size to 100.
•
Set the MACsec validation mode to strict.
Figure 5 Network diagram
Configuration procedure
1.
Configure the RADIUS server to provide authentication, authorization, and accounting services.
Add a user account for the host. (Details not shown.)
2.
Configure IP addresses for the Ethernet ports. (Details not shown.)
3.
Configure AAA:
# Enter system view.
<Device> system-view
# Configure the RADIUS scheme radius1.
[Device] radius scheme radius1
Figure
5, the host accesses the network through GigabitEthernet 1/0/1. The device
Command
display mka { default-policy | policy [ name
policy-name ] }
display mka statistics [ interface interface-type
interface-number ]
reset mka session [ interface interface-type
interface-number ]
reset mka statistics [ interface interface-type
interface-number ]
11
Hide quick links:
Advertisement
Table of Contents
Need help?
Do you have a question about the FlexNetwork 5510 HI Series and is the answer not in the manual?