HPE FlexNetwork 10500 Series Security Configuration Manual page 598

[Switch-GigabitEthernet1/0/2] mka enable
[Switch-GigabitEthernet1/0/2] quit
# Create VLAN 3.
[Switch] vlan 3
[Switch-vlan3] quit
# Configure GigabitEthernet 1/0/3 as a trunk port, and assign the port to VLAN 3.
[Switch] interface gigabitethernet 1/0/3
[Switch-GigabitEthernet1/0/3] port link-type trunk
[Switch-GigabitEthernet1/0/3] port trunk permit vlan 3
# Configure the 802.1X client username as bbbb, and set the password to 654321 in plaintext
form on GigabitEthernet 1/0/3.
[Switch-GigabitEthernet1/0/3] dot1x supplicant username bbbb
[Switch-GigabitEthernet1/0/3] dot1x supplicant password simple 654321
# Specify TTLS-GTC as the 802.1X client EAP authentication method on GigabitEthernet 1/0/3.
[Switch-GigabitEthernet1/0/3] dot1x supplicant eap-method ttls-gtc
# Specify MAC address 1-1-2 for 802.1X client authentication on GigabitEthernet 1/0/3.
[Switch-GigabitEthernet1/0/3] dot1x supplicant mac-address 1-1-2
# Enable the 802.1X client feature on GigabitEthernet 1/0/3.
[Switch-GigabitEthernet1/0/3] dot1x supplicant enable
# Configure MACsec desire and enable MKA on GigabitEthernet 1/0/3.
[Switch-GigabitEthernet1/0/3] macsec desire
[Switch-GigabitEthernet1/0/3] mka enable
[Switch-GigabitEthernet1/0/3] quit
Verifying the configuration
# Display MACsec information on GigabitEthernet 1/0/2.
[Switch] display macsec interface gigabitethernet 1/0/2 verbose
Interface GigabitEthernet1/0/2
Protect frames
Replay protection
Replay window size
Confidentiality offset : 0 bytes
Validation mode
Included SCI
SCI conflict
Cipher suite
Transmit secure channel:
SCI
Elapsed time: 00h:02m:07s
Current SA
Receive secure channels:
SCI
Elapsed time: 00h:02m:03s
Current SA
Previous SA : AN N/A
# Display MACsec information on GigabitEthernet 1/0/3.
[Switch] display macsec interface gigabitethernet 1/0/3 verbose
Interface GigabitEthernet1/0/3
: Yes
: Enabled
: 0 frames
: Check
: No
: No
: GCM-AES-128
: 00E00100000A0006
: AN 0 PN 1
: 00E0020000000106
: AN 0 LPN 1
LPN N/A
581