Configure Connectivity Associations

Use the following procedure to configure connectivity associations (CA) using EDM.

Note

You can configure MACsec on physical ports only. However, the physical ports can belong to an MLT trunk group that includes: Split MultiLink Trunking (SMLT), distributed MultiLink Trunking (DMLT), or Link aggregate group (LAG).
MACsec encryption and decryption algorithms follow either the AES-GCM-128 or the AES-GCM-256 standard, depending on the configured MAC-sec cipher suite. The default is the AES-GCM-128 standard.

Procedure

In the navigation pane, expand Configuration > Edit.
Select Chassis.
Select the MACSec tab.
Select Insert.
In AssociationName, type the connectivity-association name.
In AssociationKey, type the value of the connectivity-association key.

Note

The system displays the connectivity-association key as an MD5-hashed text in the MAC security table.
In AssociationTxKeyParity, select an option for Tx key parity.

Note

Tx key parity configuration applies only to static MACsec configurations.
Select Insert.
Select Apply.

Use the data in the following table to use the MACSec tab.


Name	Description
AssociationName	Specifies the connectivity-association name as an alpha-numeric ASCII string up to 32 characters long. The device uses this value for the connectivity-association key name (CKN).
AssociationKey	Specifies the connectivity-association key (CAK) value as a 32-character (128-bit) or a 64 character (256-bit) hexadecimal string. Note: Always select the 128-bit CAK value for AES-GSM-128 and the 256-bit CAK value for AES-GSM_256.
AssociationPortMembers	Specifies the set of ports for which this connectivity association is associated.
AssociationTxKeyParity	Specifies Tx key parity using the following values: None — key parity is not specified Note: The none value only applies to platforms that support 2AN mode. If you do not specify a key parity value, the system defaults to 2AN mode. Even — generates even-numbered keys Odd — generates odd-numbered keys