Configuring Macsec And Mka - Cisco Catalyst 4500 Series Configuration Manual

Configuring MACsec and MKA

MKPDU Failures
MKPDU Tx......................... 0
MKPDU Rx Validation.............. 0
MKPDU Rx Bad Peer MN............. 0
MKPDU Rx Non-recent Peerlist MN.. 0
For description of the output fields, see the command reference for this release.
Configuring MACsec and MKA
•
•
•
Default MACsec MKA Configuration
MACsec is disabled. No MKA policies are configured.
Configuring an MKA Policy
To create an MKA Protocol policy, perform this task. Note that MKA also requires that you enable
802.1X.
Command
Step 1
configure terminal
Step 2
mka policy policy-name
Step 3
replay-protection window-size
frames
Step 4
end
Step 5
show mka policy
Step 6
copy running-config startup-config
This example configures the MKA policy relay-policy:
Switch(config)# mka policy replay-policy
Switch(config-mka-policy)# replay-protection window-size 300
Switch(config-mka-policy)# end
Software Configuration Guide—Release IOS XE 3.3.0SG and IOS 15.1(1)SG
43-6
Default MACsec MKA Configuration, page 43-6
Configuring an MKA Policy, page 43-6
Configuring MACsec on an Interface, page 43-7
Purpose
Enters global configuration mode.
Identifies an MKA policy, and enter MKA policy configuration mode. The
maximum policy name length is 16 characters.
Enables replay protection, and configure the window size in number of
frames. The range is from 0 to 4294967295. The default window size is 0.
Entering a window size of 0 is not the same as entering the no
replay-protection command. Configuring a window size of 0 uses replay
protection with a strict ordering of frames. Entering no replay-protection
turns off MACsec replay-protection.
Returns to privileged EXEC mode.
Verifies your entries.
(Optional) Saves your entries in the configuration file.
Chapter 43 Configuring MACsec Encryption
OL-25340-01