Use this command to enable or disable the MACsec Key Agreement (MKA) protocol for this port access entity.
enable | disable: Enables or disables the MKA protocol for all ports or the specified ports. MKA is globally disabled by default.
port-string: (Optional) Specifies the port(s) to reinitialize or reauthenticate.
If a port or ports are not specified, the command applies to all ports.
All command modes.
The MACsec Key Agreement Protocol (MKA) is used to discover remote peers attached to the same LAN, to confirm mutual possession of a CAK (as configured via PSK), and to securely distribute the secret keys (SAKs) used by MACsec for symmetric key cryptography.
When MKA is enabled, port access is immediately enforced according to the MACsec Access Control configuration (that is, set macsec nid unauthAllowed). The default behavior is that the port is down and all traffic is dropped. Once MKA successfully authenticates the remote peer (using PSK credentials), elects a Key Server, and distributes a SAK, the port state transitions to up and all traffic is encrypted.
When MKA is disabled, the port access control is removed and unencrypted traffic resumes.
This example shows how to enable the MKA protocol on all ports:
System(rw)->set macsec port mka enable
This example shows how to enable the MKA protocol on port "ge.1.10":
System(rw)->set macsec port mka enable ge.1.10
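Because a port with MKA disabled carries unencrypted traffic with no access control, it is useful to audit which ports a sequence of these commands leaves unprotected. The following Python sketch is an added example, not part of the product or its documentation: it replays a saved command history against a port inventory using the rules stated above (disabled by default, no port-string means all ports). The function names, the sample inventory, the assumption that a later command overrides an earlier one, and the handling of port-strings as single port names only are assumptions of this example.

```python
import re

# Matches the command form shown on this page; the port-string is optional.
CMD = re.compile(r"^set\s+macsec\s+port\s+mka\s+(enable|disable)(?:\s+(\S+))?\s*$")

def effective_mka(commands, inventory):
    """Replay commands in order and return {port: bool} for the MKA state."""
    state = {port: False for port in inventory}      # MKA is disabled by default
    for line in commands:
        # Drop a CLI prompt such as "System(rw)->" if the line was copied with it.
        text = line.strip().split("->", 1)[-1].strip()
        m = CMD.match(text)
        if not m:
            continue                                 # not an MKA enable/disable command
        enabled = m.group(1) == "enable"
        port = m.group(2)
        if port is None:                             # no port-string: applies to all ports
            for p in state:
                state[p] = enabled
        elif port in state:
            state[port] = enabled                    # assumption: last command wins
        else:
            # Assumption: ranges or wildcards are not expanded here; fail loudly
            # rather than silently report a port as protected.
            raise ValueError(f"port-string not in inventory: {port}")
    return state

def unprotected_ports(commands, inventory):
    """Ports left with MKA disabled: no MACsec access control, cleartext traffic."""
    state = effective_mka(commands, inventory)
    return sorted(p for p, on in state.items() if not on)

# Constructed sample data: the inventory and command history are made up.
SAMPLE_INVENTORY = ["ge.1.9", "ge.1.10", "ge.1.11"]
SAMPLE_COMMANDS = [
    "System(rw)->set macsec port mka enable",
    "# constructed comment line, ignored by the parser",
    "System(rw)->set macsec port mka disable ge.1.11",
]

if __name__ == "__main__":
    for port in unprotected_ports(SAMPLE_COMMANDS, SAMPLE_INVENTORY):
        print(f"{port}: MKA disabled, traffic is not protected by MACsec")
```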