Applying an MKA policy
MKA policy provides a centralized method to configure MACsec confidentiality offset, replay protection, and validation mode. An MKA policy can be applied to a port or multiple ports. When you apply an MKA policy to a port, follow these restrictions and guidelines:
The MACsec parameter settings configured in the MKA policy overwrite the MACsec parameters previously configured on the port.
Any modifications to the MKA policy take effect immediately.
When you remove an MKA policy application from the port, the MACsec parameter settings on the port restore to the default.
When you apply a nonexistent MKA policy to the port, the port automatically uses the default MKA policy. If you create the policy, the policy will be automatically applied to the port.
To apply an MKA policy to a port:
Step | Command | Remarks |
|---|---|---|
1. Enter system view. | system-view | N/A |
2. Enter interface view. | interface interface-type interface-number | N/A |
3. Apply an MKA policy. | mka apply policy policy-name | By default, no MKA policy is applied to the port. |