apply mka policy - 188金宝搏的网址

Syntax

apply mka policyno apply mka policy

Description

Within the selected interface context, applies the specified MKA policy to the selected port. To start the MKA protocol on the port, a MACsec policy must also be applied to the port.

NOTE:

An MKA policy can be applied to a physical interface port that is not part of any LAG ports or to a lag port. It can also be applied to an interface that is configured as an MCLAG, VSX keep-alive, or VSX inter-switch-link.

If an MKA policy is already applied to the selected port, this command replaces the existing policy application.

Thenoform of this command dissociates the specified policy from the port.

Command context

config-if

Parameters

: Specifies the MKA policy name. Range: 1 to 32 alphanumeric characters including only the three special characters "." (period), "-" (hyphen), and "_" (underscore).

Authority

Administrators or local user group members with execution rights for this command.

Usage

When any MACsec or MKA policy parameter is updated, any active MACsec session on all interfaces running the MACsec or MKA policy is terminated and restarted. This is indicated with the following prompt that provides an opportunity to not execute theapplycommand.
```
This policy is currently in use by one or more interfaces. Updating the policy will cause existing MACsec sessions using the policy to restart. Continue (y/n)?
```
For non-LAG ports, a range of ports can be specified in theinterfacecommand used to enter the interface context. For example, entering the interface context for ports 1/1/1 through 1/1/4:
```
开关(config)#interface 1/1/1-1/1/4开关(config-if-<1/1/1-1/1/4>)#apply mka policy MKA_Policy1
```
Not all interfaces on a switch may support the MACsec capability. An error will be generated when a policy is applied to a physical interface that is not capable of MACsec. For LAG ports, any non-MACsec capable interfaces that are part of the LAG will be blocked.

Examples

Applying an MKA policy to a range of two ports:

开关(config)#interface 1/1/1-1/1/2开关(config-if-<1/1/1-1/1/2>)#apply mka policy MKA_Policy1

Attempting to apply an MKA policy to a port that is not MACsec capable:

开关(config)#interface 1/1/5开关(config-if)#apply mka policy MKA_Policy1MACsec不支持的接口。开关(config-if)#

Removing MKA policy association from a port:

开关(config)#interface 1/1/1开关(config-if)#no apply mka policy

Applying an MKA policy to a LAG port:

开关(config)#interface lag 1开关(config-if)#apply mka policy MKA_Policy1