Macsec Configuration Task List; Enabling Mka - HPE FlexNetwork 10500 Series Security Configuration Manual
Hide thumbs
Also See for FlexNetwork 10500 Series:
- Security command reference (881 pages) ,
- Network management and monitoring command reference (423 pages) ,
- Configuration manual (407 pages)
Table of Contents
Advertisement
•
In client-oriented mode, do not enable the spanning tree feature on MACsec-enabled ports. For
information about spanning tree commands, see Layer 2–LAN Switching Command Reference.
•
MACsec is not supported on an aggregate interface, but it is supported on the member ports of
an aggregation group.
•
The MACsec header occupies 38 bytes in each frame. Please take into consideration the
header when you plan the network capacity.
MACsec configuration task list
To configure MACsec, perform the following tasks:
Tasks at a glance
(Required.)
(Optional.)
Enabling MACsec desire
(Optional.)
Configuring a preshared key
(Optional.)
Configuring the MKA key server priority
(Optional.) Use one of the following methods to
configure MACsec protection parameters:
•
Configuring MACsec protection parameters in
interface
Configuring the MACsec confidentiality
offset
Configuring MACsec replay protection
Configuring the MACsec validation mode
•
Configuring MACsec protection parameters by
MKA
policy:
Configuring an MKA policy
Applying an MKA policy
(Optional.)
Enabling MKA session logging
Enabling MKA
MKA establishes and manages MACsec secure channels on a port. It also negotiates keys used by
MACsec.
You cannot enable MKA on a MACsec-incapable port.
To enable MKA:
Step
1.
Enter system view.
2.
Enter interface view.
3.
Enable MKA.
Enabling MKA
view:
Remarks
N/A
N/A
This task is required in device-oriented mode.
N/A
N/A
N/A
Command
system-view
interface interface-type
interface-number
mka enable
571
Remarks
N/A
N/A
By default, MKA is disabled on the
port.
Advertisement
Table of Contents
Troubleshooting
