Configure an MKA Profile

Procedure

  1. In the navigation pane, expand Configuration > Edit.
  2. Select Chassis.
  3. Select the MACSec MKA Profile tab.
  4. Select Insert.
  5. For Id, type an MKA ID value.
  6. For Name, type the profile name.
  7. Optional: Select ReplayProtectEnable to enable replay protect.
  8. Optional: For ReplayProtectWindow, type a value for the replay protect window size.
  9. Optional: From the OffsetValue options, select a level for confidentiality offset.
  10. Select IncludeSCIEnable to enable the SCI field in MACsec frames.
  11. Select Insert.

MACSec MKA Profile Field Descriptions

Use the data in the following table to use the MACSec MKA Profile tab.

Name

Description

Id

Specifies a unique identification number for an MKA profile.

Name

Specifies the profile name.

ReplayProtectEnable

Specifies whether replay protect is enabled. The default is disabled.

ReplayProtectWindow

Specifies the maximum acceptable difference in packet ID numbers between out of order packets. If a packet ID number differs from the ID number of the previously received packet by more than the specified window size, it is dropped.

OffsetValue

Specifies the number of bytes after the Ethernet header from which data encryption begins. The default is no offset.

PortMembers

Specifies the ports that are members of an MKA profile.

IncludeSCIEnable

Note: Exception: only supported on VSP 8400 Series, VSP 4900 Series, and 5520 Series.

Specifies whether SCI tagging is enabled for a MACsec-enabled switch. The default is disabled.