MACsec.MKA.PortOperUnSuprt

Description

This system does not support the non-default cipher suite that the adjacent device has distributed. The cipher suite selected by the key server must be supported on both the local and peer devices for correct operation.

Remedy

Investigation should be done to understand and correct the discrepancy with the peer. All MACsec-capable Extreme Networks systems support at a minimum, the default MACsec cipher suite(0x0080C20001000001). A possible solution is to raise the local peer's MKA actorPriority (configure macsec mka actor-priority <actor_priority> ports <port_list>) so that it is elected key server and can therefore choose a cipher suite that is supported by this system. If the remote system is not an Extreme Networks product, check that products user manual to determine if the mutually compatible MACsec cipher suite is supported.

Severity

Warning

Message Text

KaY: Rx MKPDU DIST-SAK: On port %slotPort%, the non-default Cipher Suite (%cipherSuite%) distributed by the peer MKA Key Server is not supported.

Message Parameters

Name Type
slotPort SlotPort
cipherSuite xInt64

Applicable Platforms