Configures MAC Security (MACsec) replay-protect window size for port(s).
replay-protect | Configures dropping out-of-order packets received on a port. |
window_size_in_packets | Sets replay-protect window size value. Out-of-order packets up to selected value are accepted. Range is 0–4,294,967,295. Default is 0 (out-of-order packets are dropped). |
disable | Disables replay protection. Out-of-order packets are allowed. |
ports | Specifies configuring ports. |
port_list | Lists which ports to configure the replay-protect window on. |
Default value for replay-protect window is 0 packets, which drops all out-of-order packets.
The replay protection feature provides for the dropping of out-of-order packets received on a port. The window size is set to 0 by default, meaning any packet received out-of-order is dropped. Setting the window size to non-zero sets the range of sequence numbers that are tolerated, to allow receipt of packets that have been misordered by the network. If replay protection is disabled, packet sequence numbers are not checked and out-of-order packets are not dropped.
Important
After enabling MACsec, if you change the replay protect window size, you must run the configure macsec initialize ports port_list command afterward. Otherwise, the change is not applied.# configure macsec replay-protect disable port 13 # configure macsec intialize port 13
# configure macsec replay-protect 50 port 14 # configure macsec intialize port 14
This command was first available in ExtremeXOS 30.1.
This command is available on the following platforms.
Note
The MACsec feature requires the installation of the MAC Security feature pack license.Platform | Ports |
---|---|
ExtremeSwitching 5320 | All ports of all models except stacking ports. |
ExtremeSwitching 5420 | All ports of all models except stacking ports. |
ExtremeSwitching 5520 | All ports, except 5520-VIM-4X and 5520-24X 10G ports |
ExtremeSwitching 5720 | All ports of all models except stacking ports. |