Configuring MFF ························································································ 550
Overview ························································································································································ 550
Basic concepts ······································································································································· 551
MFF operation mode ······························································································································ 551
MFF working mechanism ······················································································································· 552
Protocols and standards ························································································································ 552
Configuration procedure································································································································· 552
Enabling MFF ········································································································································· 552
Configuring a network port ····················································································································· 552
Displaying and maintaining MFF ···················································································································· 553
MFF configuration examples ·························································································································· 554
Configuring FIPS ······················································································· 557
Overview ························································································································································ 557
Configuring FIPS mode ·································································································································· 558
Entering FIPS mode ······························································································································· 558
Exiting FIPS mode ································································································································· 560
FIPS self-tests ················································································································································ 560
Power-up self-tests ································································································································ 561
Conditional self-tests ······························································································································ 561
Triggering self-tests ································································································································ 562
FIPS configuration examples ························································································································· 562
Configuring MACsec ·················································································· 567
Overview ························································································································································ 567
Basic concepts ······································································································································· 567
MACsec services ··································································································································· 567
MACsec applications ······························································································································ 568
MACsec operating mechanism ·············································································································· 568
Protocols and standards ························································································································ 570
MACsec configuration task list ······················································································································· 571
Enabling MKA ················································································································································ 571
Enabling MACsec desire ································································································································ 572
Configuring a preshared key ·························································································································· 572
Configuring an MKA policy ····················································································································· 575
Applying an MKA policy ························································································································· 575
Enabling MKA session logging······················································································································· 576
Overview ················································································································································ 576
Configuration procedure ························································································································· 576
xiii