Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document.
Note: Even the most advanced machine translation cannot match the quality of professional translators.
Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Setting the MACsec Mode
Context
MACsec provides the data encryption and integrity check
functions to protect user service data. You can select data encryption
and integrity check by setting the MACsec mode. Three MACsec modes
are available:
- none: no encryption and no integrity check
- normal: encryption and integrity check
- integrity-only: integrity check but no encryption
Procedure
- Run system-view
The system view is displayed.
- Run interface interface-type interface-number
The interface view is displayed.
An interface can work in Layer 2 or Layer 3 mode.
- Run macsec mode { none | normal | integrity-only }
The MACsec mode is set.
By default, the MACsec mode is none.
When you configure MACsec on a network where traffic is being transmitted and received, set the MACsec mode on both ends to none. When the MKA negotiation is successful, change the MACsec mode on both ends to normal. This can shorten the traffic interruption time.
To view the MKA negotiation status, run the display mka interface interface-type interface-number command. When the MKA status value is SUCCEEDED, the MKA negotiation is successful.
- Run commit
The configuration is committed.
