Configure MKA Replay Protect

About this task

Use the following procedure to configure replay protect for an MKA profile. Replay protect provides a configurable window that accepts a specified number of out-of-sequence frames.

Procedure

  1. Enter mka profile Configuration mode:

    enable

    configure terminal

    macsec mka profile WORD<1-16>

  2. Enable replay protection and configure the window size:

    replay-protect enable window-size <5-500>

    Note

    Note

    The configuration should be the same at both ends of the link, either enabled or disabled.

Example

Switch:1>enable
Switch:1#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Switch:1(config)#macsec mka profile test030519
Switch:1(mka profile)#replay-protect enable window-size 200

Variable Definitions

The following table defines parameters for the replay-protect command.

Variable

Value

enable

Enables replay protection on an MKA profile. The default is disabled.

window-size <5-500>

Specifies the maximum acceptable difference in packet ID numbers between out of order packets. If a packet ID number differs from the ID number of the previously received packet by more than the specified window size, the packet is dropped.

WORD<1-16>

Specifies the MKA profile name. An MKA profile name consists only of alphanumeric characters (0-9, A-Z, and a-z). The profile name is case sensitive.