Configure MKA Confidentiality Offset

About this task

Use the following procedure to configure the confidentiality offset for an MKA profile. The confidentiality offset specifies the number of unencrypted bytes that precede MACsec encryption.

Procedure

  1. Enter mka profile Configuration mode:

    enable

    configure terminal

    macsec mka profile WORD<1-16>

  2. Configure a value for confidentiality offset:

    confidentiality-offset <30-50>

    Note

    Note

    The configuration should be the same at both ends of the link, either enabled or disabled.

Example

Switch:1>enable
Switch:1#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Switch:1(config)#macsec mka profile test030519
Switch:1(mka-profile)#confidentiality-offset 30

Variable Definitions

The following table defines parameters for the confidentiality-offset command.

Variable

Value

WORD<1-16>

Specifies the MKA profile name. An MKA profile name consists only of alphanumeric characters (0-9, A-Z, and a-z). The profile name is case sensitive.

<30 | 50>

Specifies the number of bytes after the Ethernet header from which data encryption begins. Possible values are 30 (IPv4 plus TCP/UDP header) and 50 (IPv6 plus TCP/UDP header). The default is no offset.
9037147-00 Rev AB