summaryrefslogtreecommitdiff
path: root/docs/interfaces/macsec.rst
diff options
context:
space:
mode:
authorChristian Poessinger <christian@poessinger.com>2020-05-22 11:09:16 +0200
committerChristian Poessinger <christian@poessinger.com>2020-05-22 11:09:30 +0200
commit40ec6b742a5200cf768686d7aa28ea64fbd538c1 (patch)
tree47ce9e0e052fc86d6e8678750d59527823536fc3 /docs/interfaces/macsec.rst
parentda30b6ab9033f121a19a943f954e9e8f766c2599 (diff)
downloadvyos-documentation-40ec6b742a5200cf768686d7aa28ea64fbd538c1.tar.gz
vyos-documentation-40ec6b742a5200cf768686d7aa28ea64fbd538c1.zip
macsec: add replay protection
Diffstat (limited to 'docs/interfaces/macsec.rst')
-rw-r--r--docs/interfaces/macsec.rst12
1 files changed, 12 insertions, 0 deletions
diff --git a/docs/interfaces/macsec.rst b/docs/interfaces/macsec.rst
index 33e72cfe..d7af0c16 100644
--- a/docs/interfaces/macsec.rst
+++ b/docs/interfaces/macsec.rst
@@ -55,6 +55,18 @@ individual peers.
The peer with lower priority will become the key server and start
distributing SAKs.
+Replay protection
+-----------------
+
+.. cfgcmd:: set interfaces macsec <interface> security replay-window <window>
+
+ IEEE 802.1X/MACsec replay protection window. This determines a window in which
+ replay is tolerated, to allow receipt of frames that have been misordered by
+ the network.
+
+ - ``0``: No replay window, strict check
+ - ``1-4294967295``: Number of packets that could be misordered
+
Operation
=========