Update the Connectivity Association for a port

Use the following procedure to change the Connectivity Association (CA) to which a port is associated.

Before you begin

Ensure that the new CA is created at the global level. For information about configuring a CA, see Configure a Connectivity Association.

Procedure

  1. Enter GigabitEthernet Interface Configuration mode:

    enable

    configure terminal

    interface GigabitEthernet {slot/port[/sub-port][-slot/port[/sub-port]][,...]}

    Note

    Note

    If the platform supports channelization and the port is channelized, you must also specify the sub-port in the format slot/port/sub-port.

  2. Disable MACsec on the port:

    no macsec enable

  3. Change the CA to which the port is associated:

    macsec connectivity-association WORD<5-16>

  4. Enable MACsec on the port:

    macsec enable

Example

Change the CA to which a port is associated:

Switch:1>enable
Switch:1#configure terminal
Switch:1(config)#interface gigabit 1/2
Switch:1(config-if)#no macsec enable
Switch:1(config-if)#macsec connectivity-association caname12 
Switch:1(config-if)#macsec enable

Variable Definitions

The following table defines parameters for the macsec command.

Variable

Value

connectivity-association WORD<5–16>

Specifies the connectivity-association name as an alpha-numeric ASCII string up to 16 characters long. The device uses this value for the connectivity-association key name (CKN).

Tip:

Configure the CKN in multiples of 4 characters to avoid MKA interoperability issues between Fabric Engine switches and EXOS or Switch Engine switches. For example, Macsecma (8 chararcters) or Macsecmka123 (12 characters) are valid, but Macsec (6 characters) is not valid.

The following table defines parameters for the interface gigabitethernet command.

Variable

Value

{slot/port[/sub-port][-slot/port[/sub-port]][,...]}

Specifies the port to associate with the connectivity association (CA).

Identifies the slot and port in one of the following formats: a single slot and port (slot/port), a range of slots and ports (slot/port-slot/port), or a series of slots and ports (slot/port,slot/port,slot/port). If the platform supports channelization and the port is channelized, you must also specify the sub-port in the format slot/port/sub-port.