Configuring A Preshared Key; Configuring The Mka Key Server Priority - HPE FlexNetwork 5510 HI Series Security Configuration Manual

•
A minimum of one participant is enabled with MACsec desire.
To enable MACsec desire:
Step
1. Enter system view.
2. Enter interface view.
3. Enable MACsec desire.

Configuring a preshared key

In device-oriented mode, configure a preshared key as the CAK to be used during MKA negotiation.
To successfully establish an MKA session between two devices, make sure the connected MACsec
ports are configured with the same preshared key.
A user-configured preshared key has higher priority than the 802.1X-generated CAK. To ensure a
successful MKA session establishment, do not configure a preshared key in client-oriented mode.
To configure a preshared key:
Step
1. Enter system view.
2. Enter interface view.
3. Configure a preshared key.

Configuring the MKA key server priority

Configure an MKA key server priority for key server selection. The lower the priority value, the higher
the priority.
Command
system-view
interface
interface-type
interface-number
macsec desire
Command
system-view
interface interface-type
interface-number
mka psk ckn name cak simple
value
466
Remarks
N/A
N/A
By default, the port does not
expect MACsec protection for
outbound frames.
Remarks
N/A
N/A
By default, no MKA preshared key
exists on the port.
The MACsec cipher
supported by HPE
requires that the CKN and CAK
each must be 32 characters long.
If the configured CKN or CAK is
not 32 characters long,
system performs the following
operations when it runs the cipher
suite:
•
Automatically increases the
length of the CKN or CAK by
zero padding if the CKN or
CAK contains less than 32
characters.
•
Uses only the
characters if the CKN or CAK
contains more than
characters.
suite
devices
the
first 32
32