configure macsec mka life-time

configure macsec mka life-time mka_life_time ports port_list

Description

Configures MAC Security (MACsec) lifetime for port(s).

Syntax Description

mka Configures MACsec key agreement (MKA) parameters.
life-time Designates setting the lifetime of potential and live peers. Expiration causes removal from a list, and higher intervals increase MKA protocol stability.
mka_life_time Sets the lifetime of potential and live peers. Range is 6-30. Default is 6 seconds.
ports Specifies configuring ports.
port_list Lists which ports to configure the actor priority on.

Default

Default value for life-time 6 seconds.

Usage Guidelines

If MACsec link flap occurs, loosen the life-time equally on both sides of the MACsec connection.

Note

Note

MACsec link flap is likely to only occur on links connected to lower-end switches (the ExtremeSwitching X620 switch, for example).
Important

Important

After enabling MACsec, if you change the MKA lifetime, you must run the configure macsec initialize ports port_list command afterward. Otherwise, the change is not applied.

Example

The following configures the MKA lifetime to 10 seconds on port 3:

# configure macsec mka life-time 10 port 3
# configure macsec initialize port 3

History

This command was first available in ExtremeXOS 31.5.

Platform Availability

This command is available on the following platforms:

Note

Note

The MACsec feature requires the installation of the MAC Security feature pack license.
Platform Ports LRM/MACsec Adapter Required?
ExtremeSwitching X460-G2-24p-24hp, X460-G2-24t-24ht switches Half-duplex, 1G ports (25–48) No
All other SFP/SFP+ ports * Yes
ExtremeSwitching X450-G2, X460-G2, X670-G2, X440-G2, X590, X620, X690, and X695 series switches SFP/SFP+ ports * Yes
ExtremeSwitching X465

X465-24W, X465-24XE: ports 1–24

X465-48T, X465-48P, X465-48W, X465i-48W: ports 1–48

X465-24MU-24W: ports 25–48

VIM5-4XE: all 4 ports

VIM5-4YE in X465-24MU, X465-24MU-24W switches: all 4 ports

VIM5-4YE in X465-24W, X465-48T, X465-48P, X465-48W, X464.24S, X465-24S, X465i-48W: first 2 ports only

No
ExtremeSwitching 5320 All ports of all models except stacking ports. No
ExtremeSwitching 5420 All ports of all models except stacking ports. No
ExtremeSwitching 5520 All ports, except 5520-VIM-4X and 24X 10G ports No
Note: * For ExtremeSwitching X460-G2 series switches, the VIM-2X option does not support the LRM/MACsec Adapter.