Configure MKA Actor Priority

About this task

The MKA participant with the highest actor priority is designated as the key server.

Before you begin

Note

Note

This procedure only applies to VSP 8400 Series.

  • You must enable MKA globally.

  • You must apply an MKA profile to the port.

  • You must disable MKA on the port before you configure a value for actor priority. Enable MKA on the port after you configure an actor priority value.

Procedure

  1. Enter GigabitEthernet Interface Configuration mode:

    enable

    configure terminal

    interface GigabitEthernet {slot/port[/sub-port][-slot/port[/sub-port]][,...]}

    Note

    Note

    If the platform supports channelization and the port is channelized, you must also specify the sub-port in the format slot/port/sub-port.

  2. Configure a value for actor priority:

    #macsec actor-priority <0x00-0xff>

Example

Switch:1>enable
Switch:1#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Switch:1(config)#interface gigabitethernet 1/4
Switch:1(config-if)#macsec actor-priority 0x0f

Variable Definitions

The following table defines parameters for the macsec actor-priority command.

Variable

Value

<0x00-0xff>

Specifies a hexadecimal value for actor priority, which determines key server selection. Lower values indicate a higher priority. The default is 10.

{slot/port[/sub-port] [-slot/port[/sub-port]] [,...]}

Identifies the slot and port in one of the following formats: a single slot and port (slot/port), a range of slots and ports (slot/port-slot/port), or a series of slots and ports (slot/port,slot/port,slot/port). If the platform supports channelization and the port is channelized, you must also specify the sub-port in the format slot/port/sub-port.