Configuring Macsec Replay Protection; Configuring The Macsec Validation Mode; Configuring Macsec Protection Parameters By Mka Policy; Configuring An Mka Policy - HPE FlexNetwork 5510 HI Series Security Configuration Manual

Configuring MACsec replay protection

The MACsec replay protection feature allows a MACsec port to accept a number of out-of-order or
repeated inbound frames. The configured replay protection window size is effective only when
MACsec replay protection is enabled.
To configure MACsec replay protection:
Step
1. Enter system view.
2. Enter interface view.
3. Enable
protection.
4. Set the
protection window size.

Configuring the MACsec validation mode

The MACsec validation allows a port to perform integrity check based on the following validation
modes:
•
check—Performs validation only, and does not drop illegal frames.
•
disabled—Does not perform validation.
•
strict—Performs validation, and drops illegal frames.
In the current software version, only the strict mode is supported.
To configure the MACsec validation mode:
Step
1. Enter system view.
2. Enter interface view.
3. Configure
validation mode.
Configuring MACsec protection parameters by
MKA policy

Configuring an MKA policy

Step
1. Enter system view.
2. Create an MKA policy, and
enter MKA policy view.
Command
system-view
interface
interface-number
MACsec replay
macsec
enable
MACsec replay
macsec
window-size size-value
Command
system-view
interface
interface-number
the MACsec
macsec
{ check | disabled | strict }
Command
system-view
mka policy policy-name
interface-type
replay-protection
replay-protection
interface-type
validation mode
468
Remarks
N/A
N/A
By default, MACsec
protection is enabled on the port.
The default setting is 0, and
frames are accepted only in the
correct order.
Remarks
N/A
N/A
In the current software version,
only the strict mode is supported.
Remarks
N/A
By default, an MKA policy named
default-policy exists.
replay