MACsec configuration

Creating and configuring a MACsec policy:

switch(config)#macsec policy MS_Policy1switch(config-macsec-policy)#cipher-suite gcm-aes-256 gcm-aes-xpn-256switch(config-macsec-policy)#replay-protection window-size 100switch(config-macsec-policy)#exitswitch(config)#

Creating and configuring an MKA policy:

switch(config)#mka policy MKA_Policy1switch(config-mka-policy)#pre-shared-key ckn abcdef12 cak plaintext 123abcdefswitch(config-mka-policy)#key-server-priority 5switch(config-mka-policy)#exitswitch(config)#

Applying the MACsec and MKA policy to a port range:

switch(config)#interface 1/1/1-1/1/4switch(config-if-<1/1/1-1/1/4>)#apply macsec policy MS_Policy1switch(config-if-<1/1/1-1/1/4>)#apply mka policy MKA_Policy1switch(config-if-<1/1/1-1/1/4>)#exitswitch(config)#

Show commands are provided for showing policy information and monitoring MACsec and MKA status and statistics:

switch(config)#显示macsec policy MS_Policy1... switch#显示macsec status... switch#显示macsec统计... switch#显示mka policy MKA_Policy1... switch#显示mka status... switch#显示mka statistics...