Configure an MKA Profile
Procedure
- In the navigation pane, expand .
- Select Chassis.
- Select the MACSec MKA Profile tab.
- Select Insert.
- For Id, type an MKA ID value.
- For Name, type the profile name.
- Optional: Select ReplayProtectEnable to enable replay protect.
- Optional: For ReplayProtectWindow, type a value for the replay protect window size.
- Optional: From the OffsetValue options, select a level for confidentiality offset.
- Select IncludeSCIEnable to enable the SCI field in MACsec frames.
- Select Insert.
MACSec MKA Profile Field Descriptions
Use the data in the following table to use the MACSec MKA Profile tab.
Name |
Description |
---|---|
Id |
Specifies a unique identification number for an MKA profile. |
Name |
Specifies the profile name. |
ReplayProtectEnable |
Specifies whether replay protect is enabled. The default is disabled. |
ReplayProtectWindow |
Specifies the maximum acceptable difference in packet ID numbers between out of order packets. If a packet ID number differs from the ID number of the previously received packet by more than the specified window size, it is dropped. |
OffsetValue |
Specifies the number of bytes after the Ethernet header from which data encryption begins. The default is no offset. |
PortMembers |
Specifies the ports that are members of an MKA profile. |
IncludeSCIEnable Note: Exception: only supported on VSP 8400
Series, VSP 4900
Series, and 5520 Series.
|
Specifies whether SCI tagging is enabled for a MACsec-enabled switch. The default is disabled. |