www.LinuxHowtos.org
IP\-MACSEC
Section: Linux (8)Updated: 07 Mar 2016
Index Return to Main Contents
NAME
ip-macsec - MACsec device configurationSYNOPSIS
ip link add link DEVICE name NAME type macsec [ [ address <lladdr> ] port PORT | sci <u64> ] [ cipher { default | gcm-aes-128 } ] [ icvlen ICVLEN ] [ encrypt { on | off } ] [ send_sci { on | off } ] [ end_station { on | off } ] [ scb { on | off } ] [ protect { on | off } ] [ replay { on | off } ] [ window WINDOW ] [ validate { strict | check | disabled } ] [ encodingsa SA ]
ip macsec add DEV tx sa
{ 0..3 } [ OPTS ]
key ID KEY
ip macsec set DEV tx sa
{ 0..3 } [ OPTS ]
ip macsec del DEV tx sa
{ 0..3 }
ip macsec add DEV rx SCI
[ on | off ]
ip macsec set DEV rx SCI
[ on | off ]
ip macsec del DEV rx SCI
ip macsec add DEV rx SCI sa
{ 0..3 } [ OPTS ]
key ID KEY
ip macsec set DEV rx SCI sa
{ 0..3 } [ OPTS ]
ip macsec del DEV rx SCI sa
{ 0..3 }
ip macsec show [ DEV ]
OPTS := [
pn {
1..2^32-1 } ] [
on | off ]
SCI := {
sci
<u64> |
port
PORT
address <lladdr>
}
PORT := { 1..2^16-1 }
DESCRIPTION
The ip macsec commands are used to configure transmit secure associations and receive secure channels and their secure associations on a MACsec device created with the ip link add command using the macsec type.EXAMPLES
Create a MACsec device on link eth0
# ip link add link eth0 macsec0 type macsec port 11 encrypt on
Configure a secure association on that device
# ip macsec add macsec0 tx sa 0 pn 1024 on key 01 81818181818181818181818181818181
Configure a receive channel
# ip macsec add macsec0 rx port 1234 address c6:19:52:8f:e6:a0
Configure a receive association
# ip macsec add macsec0 rx port 1234 address c6:19:52:8f:e6:a0 sa 0 pn 1 on key 00 82828282828282828282828282828282
Display MACsec configuration
# ip macsec show
SEE ALSO
ip-link(8)
AUTHOR
Sabrina Dubroca <sd@queasysnail.net>