28. macsec Commands
28.1. macsec Command Descriptions
macsec
Synopsis
Enter the macsec context
Tree
Introduced
16.0.R1
Platforms
All
connectivity-association [ca-name] string
Synopsis
Enter the connectivity-association list instance
Context
Introduced
16.0.R1
Platforms
All
[ca-name] string
Synopsis
Connectivity association name
Context
String Length
1 to 32
Notes
This element is part of a list key.
Introduced
16.0.R1
Platforms
All
admin-state keyword
Synopsis
Administrative state of the connectivity association
Context
configure macsec connectivity-association string admin-state keyword
Tree
Default
disable
Options
enable, disable
Introduced
16.0.R1
Platforms
All
cipher-suite keyword
Synopsis
Data path encryption algorithm
Context
configure macsec connectivity-association string cipher-suite keyword
Tree
Default
gcm-aes-128
Options
gcm-aes-128, gcm-aes-256, gcm-aes-xpn-128, gcm-aes-xpn-256
Introduced
16.0.R1
Platforms
All
clear-tag-mode keyword
 | Warning: Modifying this element toggles the admin-state of the parent element automatically for the new value to take effect. |
Synopsis
Clear tag mode for clear text before the SecTAG
Context
configure macsec connectivity-association string clear-tag-mode keyword
Tree
Default
none
Options
none, single-tag, dual-tag
Introduced
16.0.R1
Platforms
All
delay-protection boolean
| Warning: Modifying this element toggles the admin-state of the parent element automatically for the new value to take effect. |
Synopsis
Enable delay protection
Context
configure macsec connectivity-association string delay-protection boolean
Tree
Default
false
Introduced
20.10.R1
Platforms
All
description string
Synopsis
Text description
Context
configure macsec connectivity-association string description string
Tree
String Length
1 to 80
Introduced
16.0.R1
Platforms
All
encryption-offset number
Synopsis
Confidentiality (encryption) offset
Context
configure macsec connectivity-association string encryption-offset number
Tree
Range
0 | 30 | 50
Default
0
Introduced
16.0.R1
Platforms
All
macsec-encrypt boolean
Synopsis
Encrypt and authenticate all PDUs
Context
configure macsec connectivity-association string macsec-encrypt boolean
Tree
Default
true
Introduced
16.0.R1
Platforms
All
replay-protection boolean
Synopsis
Discard packet when not within the replay window size
Context
configure macsec connectivity-association string replay-protection boolean
Tree
Default
false
Introduced
16.0.R1
Platforms
All
replay-window-size number
Synopsis
Replay protection window size
Context
configure macsec connectivity-association string replay-window-size number
Tree
Range
0 to 4294967294
Default
0
Introduced
16.0.R1
Platforms
All
static-cak
Synopsis
Enter the static-cak context
Context
Tree
Introduced
16.0.R1
Platforms
All
active-psk number
Synopsis
Active pre-shared-key (PSK)
Context
configure macsec connectivity-association string static-cak active-psk number
Tree
Range
1 to 2
Default
1
Introduced
16.0.R1
Platforms
All
mka-hello-interval keyword
Synopsis
MKA hello interval
Context
configure macsec connectivity-association string static-cak mka-hello-interval keyword
Tree
Description
This command configures the interval at which MKA hello packets are sent or received for the connectivity association.
Default
2
Options
1, 2, 3, 4, 5, 6, 500ms
Introduced
19.5.R1
Platforms
All
mka-key-server-priority number
Synopsis
Key server priority used by the MKA protocol
Context
configure macsec connectivity-association string static-cak mka-key-server-priority number
Range
0 to 255
Default
16
Introduced
16.0.R1
Platforms
All
pre-shared-key [psk-id] number
Synopsis
Enter the pre-shared-key list instance
Context
configure macsec connectivity-association string static-cak pre-shared-key number
Tree
Max. Elements
2
Introduced
16.0.R1
Platforms
All
[psk-id] number
Synopsis
Pre-shared-key (PSK) ID
Context
configure macsec connectivity-association string static-cak pre-shared-key number
Range
1 to 2
Notes
This element is part of a list key.
Introduced
16.0.R1
Platforms
All
cak string
Synopsis
Connectivity association key (CAK) for the PSK
Context
configure macsec connectivity-association string static-cak pre-shared-key number cak string
Tree
String Length
1 to 71
Introduced
16.0.R1
Platforms
All
cak-name string
Synopsis
Connectivity Association Key (CAK) name for the PSK
Context
configure macsec connectivity-association string static-cak pre-shared-key number cak-name string
Tree
String Length
1 to 64
Introduced
16.0.R1
Platforms
All
encryption-type keyword
Synopsis
Encryption for authentication of the MKA packet
Context
configure macsec connectivity-association string static-cak pre-shared-key number encryption-type keyword
Tree
Options
aes-128-cmac, aes-256-cmac
Notes
This element is mandatory.
Introduced
16.0.R1
Platforms
All
mac-policy [mac-policy-id] number
Synopsis
Enter the mac-policy list instance
Context
configure macsec mac-policy number
Tree
Introduced
16.0.R5
Platforms
All
[mac-policy-id] number
Synopsis
MAC address policy ID
Context
configure macsec mac-policy number
Notes
This element is part of a list key.
Introduced
16.0.R5
Platforms
All
destination-mac-address [dest-mac-addr] string
Synopsis
Add a list entry for destination-mac-address
Context
configure macsec mac-policy number destination-mac-address string
Max. Elements
5
Introduced
16.0.R5
Platforms
All
[dest-mac-addr] string
Synopsis
Destination MAC address added to the MAC policy
Context
configure macsec mac-policy number destination-mac-address string
Notes
This element is part of a list key.
Introduced
16.0.R5
Platforms
All