Configures the preferred cipher suite for MAC Security (MACsec).
| cipher-suite | Selects provisioning MACsec cipher suite to be used if elected as key server. |
| gcm-aes-128 | Galois/Counter Mode of AES-128 symmetric block cipher (Default). |
| gcm-aes-256 | Galois/Counter Mode of AES-256 symmetric block. |
| ports | Specifies configuring ports. |
| port_list | Lists which ports to configure the selected cipher suite on. |
The cipher suite gcm-aes-128 is selected by default.
| GCM-AES-256 and GCM-AES-128 |
|---|
| Ports with LRM/MACsec Adapter |
|
ExtremeSwitching 5320, 5420, 5720 on all ports. ExtremeSwitching 5520 on all ports, except 5520-VIM-4X and 24X 10G ports. |
If GCM-AES-256 is desired between two switches using the LRM/MACsec Adapter, you need to issue this command on at least the key server side, but preferably on both sides.
If the port is elected as MKA key server, then the configured cipher suite is used to protect all port traffic. If the peer port is elected as MKA key server, then the peer chooses which cipher suite to use.
# configure macsec cipher-suite gcm-aes-256 22,30-33
# configure macsec cipher-suite gcm-aes-128 30
This command was first available in ExtremeXOS 30.2.
This command is available on the following platforms.
Note
The MACsec feature requires the installation of the MAC Security feature pack license.| Platform | Ports |
|---|---|
| ExtremeSwitching 5320 | All ports of all models except stacking ports. |
| ExtremeSwitching 5420 | All ports of all models except stacking ports. |
| ExtremeSwitching 5520 | All ports, except 5520-VIM-4X and 5520-24X 10G ports |
| ExtremeSwitching 5720 | All ports of all models except stacking ports. |
| Extreme 7520-48YE-8CE | All front-panel ports. |