Configures MAC Security (MACsec) lifetime for port(s).
mka | Configures MACsec key agreement (MKA) parameters. |
life-time | Designates setting the lifetime of potential and live peers. Expiration causes removal from a list, and higher intervals increase MKA protocol stability. |
mka_life_time | Sets the lifetime of potential and live peers. Range is 6-30. Default is 6 seconds. |
ports | Specifies configuring ports. |
port_list | Lists which ports to configure the actor priority on. |
Default value for life-time 6 seconds.
If MACsec link flap occurs, loosen the life-time
equally on
both sides of the MACsec connection.
Note
MACsec link flap is likely to only occur on links connected to lower-end switches (the ExtremeSwitching X620 switch, for example).Important
After enabling MACsec, if you change the MKA lifetime, you must run the configure macsec initialize ports port_list command afterward. Otherwise, the change is not applied.The following configures the MKA lifetime to 10 seconds on port 3:
# configure macsec mka life-time 10 port 3 # configure macsec initialize port 3
This command was first available in ExtremeXOS 31.5.
This command is available on the following platforms:
Note
The MACsec feature requires the installation of the MAC Security feature pack license.Platform | Ports |
---|---|
ExtremeSwitching 5320 | All ports of all models except stacking ports. |
ExtremeSwitching 5420 | All ports of all models except stacking ports. |
ExtremeSwitching 5520 | All ports, except 5520-VIM-4X and 5520-24X 10G ports |
ExtremeSwitching 5720 | All ports of all models except stacking ports. |