Configure MKA Replay Protect

Note

Note

This procedure only applies to VSP 8400 Series, VSP 4900 Series, and 5520 Series.

About this task

Use the following procedure to configure replay protect for an MKA profile. Replay protect provides a configurable window that accepts a specified number of out-of-sequence frames.

Procedure

  1. Enter mka profile Configuration mode:

    enable

    configure terminal

    macsec mka profile WORD<1-16>

  2. Enable replay protection and configure the window size:

    replay-protect enable window-size <5-500>

    Note

    Note

    The configuration should be the same at both ends of the link, either enabled or disabled.

Example

Switch:1>enable
Switch:1#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Switch:1(config)#macsec mka profile test030519
Switch:1(mka profile)#replay-protect enable window-size 200

Variable Definitions

The following table defines parameters for the replay-protect command.

Variable

Value

enable

Enables replay protection on an MKA profile. The default is disabled.

window-size <5-500>

Specifies the maximum acceptable difference in packet ID numbers between out of order packets. If a packet ID number differs from the ID number of the previously received packet by more than the specified window size, the packet is dropped.

WORD<1-16>

Specifies the MKA profile name. An MKA profile name consists only of alphanumeric characters (0-9, A-Z, and a-z). The profile name is case sensitive.
9037123-00 Rev AD