Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document.
Note: Even the most advanced machine translation cannot match the quality of professional translators.
Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
(Optional) Setting the MKA Session Timeout Interval
Context
Before using MACsec to ensure communication security, both ends must negotiate an MKA session, which is a secure channel for communication. After the MKA session is created, the two ends exchange MKA protocol packets to ensure that the session is alive. The MKA protocol defines an MKA session keepalive timer. When receiving MKA protocol packets from the peer, the local switch starts the timer:
- If the local switch receives MKA protocol packets within the timeout interval, the local switch resets the timer.
- If the local switch does not receive MKA protocol packets within the timeout interval, the local switch considers the connection insecure. Then the local switch disassociates from the peer and performs MKA session negotiation again.
Set the MKA session timeout interval as you need.
Procedure
- Run system-view
The system view is displayed.
- Run interface interface-type interface-number
The interface view is displayed.
An interface can work in Layer 2 or Layer 3 mode.
- Run mka timer mka-life life-time
The MKA session timeout interval is set.
The default MKA session timeout interval is 6 seconds.
- Run commit
The configuration is committed.