A peer may support the use of one or more preshared keys (PSKs). An instance of MKA operates for each PSK that is administratively configured as active.
A preshared key is either created by NSP or configured using the CLI. Each PSK is configured using the following fields:
CKN
CAK value
The CKN must be unique for each port among the configured sub-ports, and can be used to identify the key in subsequent management operations.
Each static CAK configuration can have two preshared key entries for rollover. The active PSK index dictates which CAK is being used for encrypting the MKA PDUs.
NSP has additional functionality to rollover and configure the PSK. The rollover using NSP can be based on a configured timer.