Configure Connectivity Associations
Use the following procedure to configure connectivity associations (CA) using EDM.
Note
-
You can configure MACsec on physical ports only. However, the physical ports can belong to an MLT trunk group that includes: Split MultiLink Trunking (SMLT), distributed MultiLink Trunking (DMLT), or Link aggregate group (LAG).
-
MACsec encryption and decryption algorithms follow either the AES-GCM-128 or the AES-GCM-256 standard, depending on the configured MAC-sec cipher suite. The default is the AES-GCM-128 standard.
Procedure
- In the navigation pane, expand .
- Select Chassis.
- Select the MACSec tab.
-
Select Insert.
- Select Apply.
MACSec Field Descriptions
Use the data in the following table to use the MACSec tab.
Name |
Description |
---|---|
AssociationName |
Specifies a name for each connectivity association configured on the device. Tip:
Configure the Connectivity Association key name (CKN) in multiples of 4 characters to avoid MKA interoperability issues between VOSS switches and EXOS switches. For example, Macsecma (8 chararcters) or Macsecmka123 (12 characters) are valid, but Macsec (6 characters) is not valid. |
AssociationKey |
Specifies a pre-shared, connectivity association key associated with each connectivity association configured on the device. |
AssociationPortMembers |
Specifies the set of ports for which this connectivity association is associated. |
AssociationTxKeyParity |
Specifies Tx key parity using the following values:
|