Configure Connectivity Associations
Use the following procedure to configure connectivity associations (CA) using EDM.
Note
-
You can configure MACsec on physical ports only. However, the physical ports can belong to an MLT trunk group that includes: Split MultiLink Trunking (SMLT), distributed MultiLink Trunking (DMLT), or Link aggregate group (LAG).
-
MACsec encryption and decryption algorithms follow either the AES-GCM-128 or the AES-GCM-256 standard, depending on the configured MAC-sec cipher suite. The default is the AES-GCM-128 standard.
Procedure
MACSec Field Descriptions
Use the data in the following table to use the MACSec tab.
Name |
Description |
---|---|
AssociationName |
Specifies the connectivity-association name as an alpha-numeric ASCII string up to 32 characters long. The device uses this value for the connectivity-association key name (CKN). |
AssociationKey |
Specifies the connectivity-association key (CAK) value as a 32-character (128-bit) or a 64 character (256-bit) hexadecimal string. Note:
Always select the 128-bit CAK value for AES-GSM-128 and the 256-bit CAK value for AES-GSM_256. |
AssociationPortMembers |
Specifies the set of ports for which this connectivity association is associated. |
AssociationTxKeyParity |
Specifies Tx key parity using the following values:
|