configure macsec mka life-time

configure macsec mka life-time mka_life_time ports port_list

Description

Configures MAC Security (MACsec) lifetime for port(s).

Syntax Description

mka Configures MACsec key agreement (MKA) parameters.
life-time Designates setting the lifetime of potential and live peers. Expiration causes removal from a list, and higher intervals increase MKA protocol stability.
mka_life_time Sets the lifetime of potential and live peers. Range is 6-30. Default is 6 seconds.
ports Specifies configuring ports.
port_list Lists which ports to configure the actor priority on.

Default

Default value for life-time 6 seconds.

Usage Guidelines

If MACsec link flap occurs, loosen the life-time equally on both sides of the MACsec connection.

Note

Note

MACsec link flap is likely to only occur on links connected to lower-end switches (the ExtremeSwitching X620 switch, for example).
Important

Important

After enabling MACsec, if you change the MKA lifetime, you must run the configure macsec initialize ports port_list command afterward. Otherwise, the change is not applied.

Example

The following configures the MKA lifetime to 10 seconds on port 3:

# configure macsec mka life-time 10 port 3
# configure macsec initialize port 3

History

This command was first available in ExtremeXOS 31.5.

Platform Availability

This command is available on the following platforms:

Note

Note

The MACsec feature requires the installation of the MAC Security feature pack license.
Platform Ports LRM/MACsec Adapter Required?
ExtremeSwitching X460-G2-24p-24hp, X460-G2-24t-24ht switches Half-duplex, 1G ports (25–48) No
All other SFP/SFP+ ports * Yes
ExtremeSwitching X450-G2, X460-G2, X440-G2, X590, X620, and X695 series switches SFP/SFP+ ports * Yes
ExtremeSwitching X465

X465-24W, X465-24XE: ports 1–24

X465-48T, X465-48P, X465-48W, X465i-48W: ports 1–48

X465-24MU-24W: ports 25–48

VIM5-4XE: all 4 ports

VIM5-4YE in X465-24MU, X465-24MU-24W switches: all 4 ports

VIM5-4YE in X465-24W, X465-48T, X465-48P, X465-48W, X464.24S, X465-24S, X465i-48W: first 2 ports only

No
Note: * For ExtremeSwitching X460-G2 series switches, the VIM-2X option does not support the LRM/MACsec Adapter.