configure macsec mka actor-priority

configure macsec mka actor-priority actor_priority ports port_list


Configures MAC Security (MACsec) actor‘s priority for port(s).

Syntax Description

mka Configures MACsec key agreement (MKA) parameters.
actor-priority Designates setting the priority advertised during MKA key server election.
actor-priority Sets the actor priority value. A lower value denotes higher priority.Range is 0–255 or 0x0–0xFF. Default is 0x10.
ports Specifies configuring ports.
port_list Lists which ports to configure the actor priority on.


Default value for actor priority is 0x10.

Usage Guidelines

Each MKA participant selects the participant advertising the highest priority as the key server. In the event of a tie, the participant with the highest priority MAC address (lowest value) is selected. The recommended priority range for infrastructure ports is 0x00 to 0x1f, with a default of 0x10. You can assign the full range of priorities, 0x00 to 0xff:
  • To have a port become a key server, raise the priority by assigning a priority value less than 0x10.
  • To not have a port become key server, lower the priority by assigning a priority value greater than 0x10.


After enabling MACsec, if you change the actor priority, you must run the configure macsec initialize ports port_list command afterward. Otherwise, the change is not applied.


The following example raises the actor priority value to 0x5 on port 13:
# configure macsec mka actor-priority "0x5" port 13
# configure macsec initialize port 13
The following example lowers the actor priority value to "31" on port 14:
# configure macsec mka actor-priority 31 port 14
# configure macsec initialize port 14


This command was first available in ExtremeXOS 30.1.

Platform Availability

This command is available on the following platforms.



The MACsec feature requires the installation of the MAC Security feature pack license.
Platform Ports LRM/MACsec Adapter Required?
ExtremeSwitching X460-G2-24p-24hp, X460-G2-24t-24ht switches Half-duplex, 1G ports (25–48) No
All other SFP/SFP+ ports * Yes
ExtremeSwitching X450-G2, X460-G2, X440-G2, X590, X620, and X695 series switches SFP/SFP+ ports * Yes
ExtremeSwitching X465

X465-24W, X465-24XE: ports 1–24

X465-48T, X465-48P, X465-48W, X465i-48W: ports 1–48

X465-24MU-24W: ports 25–48

VIM5-4XE: all 4 ports

VIM5-4YE in X465-24MU, X465-24MU-24W switches: all 4 ports

VIM5-4YE in X465-24W, X465-48T, X465-48P, X465-48W, X464.24S, X465-24S, X465i-48W: first 2 ports only

Note: * For ExtremeSwitching X460-G2 series switches, the VIM-2X option does not support the LRM/MACsec Adapter.