Macsec Configuration Task List; Enabling Mka; Enabling Macsec Desire - HP FlexNetwork 10500 Series Security Configuration Manual
Hide thumbs
Also See for FlexNetwork 10500 Series:
- Configuration manual (512 pages) ,
- Specifications (42 pages) ,
- Datasheet (20 pages)
Table of Contents
Advertisement
MACsec configuration task list
Tasks at a glance
(Required.)
(Optional.)
Enabling MACsec desire
(Required.)
(Optional.)
Configuring the MKA key server priority
(Optional.) Use one of the following methods to configure MACsec protection parameters:
•
Configuring MACsec protection parameters in interface
Configuring the MACsec confidentiality offset
Configuring MACsec replay protection
Configuring the MACsec validation mode
•
Configuring MACsec protection parameters by MKA
Configuring an MKA policy
Applying an MKA policy
Enabling MKA
MKA establishes and manages MACsec secure channels on a port. It also negotiates keys used by
MACsec.
You cannot enable MKA on a MACsec-incapable port.
To enable MKA:
Step
1.
Enter system view.
2.
Enter interface view.
3.
Enable MKA.
Enabling MACsec desire
The MACsec desire feature expects MACsec protection for outbound frames. The key server
determines whether MACsec protects the outbound frames.
MACsec protects the outbound frames of a port when the following requirements are met:
•
The key server is MACsec capable.
•
Both the local participant and its peer are MACsec capable.
•
A minimum of one participant is enabled with MACsec desire.
To enable MACsec desire:
Step
1.
Enter system view.
Enabling MKA
Configuring a preshared key
view:
policy:
Command
system-view
interface interface-type
interface-number
mka enable
Command
system-view
494
Remarks
N/A
N/A
By default, MKA is disabled on the
port.
Remarks
N/A
Advertisement
Table of Contents
Troubleshooting
