HPE FlexNetwork 5510 HI Series Security Configuration Manual page 487

# Set the MKA key server priority to 10.
[DeviceB-GigabitEthernet1/0/1] mka priority 10
# Configure the CKN as E9AC and the CAK as 09DB3EF1 in plain text.
[DeviceB-GigabitEthernet1/0/1] mka psk ckn E9AC cak simple 09DB3EF1
# Set the MACsec confidentiality offset to 30 bytes.
[DeviceB-GigabitEthernet1/0/1] macsec confidentiality-offset 30
# Enable MACsec replay protection.
[DeviceB-GigabitEthernet1/0/1] macsec replay-protection enable
# Set the MACsec replay protection window size to 100.
[DeviceB-GigabitEthernet1/0/1] macsec replay-protection window-size 100
# Set the MACsec validation mode to strict.
[DeviceB-GigabitEthernet1/0/1] macsec validation mode strict
# Enable MKA on GigabitEthernet 1/0/1.
[DeviceB-GigabitEthernet1/0/1] mka enable
[DeviceB-GigabitEthernet1/0/1] quit
Verifying the configuration
# Display MACsec information on GigabitEthernet 1/0/1 of Device A.
[DeviceA] display macsec interface gigabitethernet 1/0/1 verbose
Interface GigabitEthernet1/0/1
Protect frames
Replay protection
Replay window size
Confidentiality offset : 30 bytes
Validation mode
Included SCI
SCI conflict
Cipher suite
Transmit secure channel:
SCI
Elapsed time: 00h:05m:00s
Current SA
Receive secure channels:
SCI
Elapsed time: 00h:03m:18s
Current SA
Previous SA : AN N/A
# Display MKA session information on GigabitEthernet 1/0/1 of Device A.
[DeviceA] display mka session interface gigabitethernet 1/0/1 verbose
Interface GigabitEthernet1/0/1
Tx-SCI
Priority
Capability: 3
CKN for participant: E9AC
Key server
MI (MN)
Live peers
Potential peers
: Yes
: Enabled
: 100 frames
: Strict
: No
: No
: GCM-AES-128
: 00E00100000A0006
: AN 0
: 00E0020000000106
: AN 0
: 00E00100000A0006
: 5
: Yes
: 85E004AF49934720AC5131D3 (182)
: 1
: 0
PN 1
LPN 1
LPN N/A
474