confidentiality

描述

Within the MACsec policy context, enables Ethernet packet encryption after the MACsec header, optionally including a start-of-encryption offset. Confidentiality is enabled by default with an offset of 0 bytes after the MACsec header.

An offset of 0 causes the entire packet (after the MACsec header) to be encrypted. It is sometimes desirable to offset the start of the encryption deeper into the packet to allow for fields such as MPLS labels and 802.1Q tags to remain unencrypted.

Omitting theoffsetparameter enables confidentiality with whatever offset was configured previously.

The没有这个命令禁用的形式进行dentiality.

Command context

config-macsec-policy

Parameters

offset {0|30|50}

Selects the start-of-encryption offset (in bytes) into the packet after the MACsec header. Default 0 bytes.

Authority

Administrators or local user group members with execution rights for this command.

Examples

Enabling confidentiality with an offset of 30 bytes:

switch(config-macsec-policy)#confidentiality offset 30

Disabling confidentiality

switch(config-macsec-policy)#没有confidentiality