Configure MKA Actor Priority

About this task

The MKA participant with the highest actor priority is designated as the key server.

Before you begin

  • Apply an MKA profile to the port.

  • Disable MKA on the port before you configure a value for actor priority. Enable MKA on the port after you configure an actor priority value.

Procedure

  1. Enter GigabitEthernet Interface Configuration mode:

    enable

    configure terminal

    interface GigabitEthernet {slot/port[/sub-port][-slot/port[/sub-port]][,...][slot/all][all]}

    Note

    Note

    If the platform supports channelization and the port is channelized, you must also specify the sub-port in the format slot/port/sub-port.

  2. Configure a value for actor priority:

    macsec actor-priority <0x00-0xff>

Example

Switch:1>enable
Switch:1#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Switch:1(config)#interface gigabitethernet 1/4
Switch:1(config-if)#macsec actor-priority 0x0f

Variable Definitions

The following table defines parameters for the macsec actor-priority command.

Variable

Value

<0x00-0xff>

Specifies a hexadecimal value for actor priority, which determines key server selection. Lower values indicate a higher priority. The default is 10.

{slot/port[/sub-port][-slot/port[/sub-port]][,...][slot/all][all]}

Identifies the slot and port in one of the following formats:
  • a single slot and port (slot/port)

  • a range of slots and ports (slot/port-slot/port)

  • a series of slots and ports (slot/port,slot/port,slot/port)

  • all ports on the same slot (slot/all)

  • all ports on the switch (all)

If the platform supports channelization and the port is channelized, you must also specify the sub-port in the format slot/port/sub-port.