diff options
author | Christian Poessinger <christian@poessinger.com> | 2020-05-22 11:09:16 +0200 |
---|---|---|
committer | Christian Poessinger <christian@poessinger.com> | 2020-05-22 11:09:30 +0200 |
commit | 40ec6b742a5200cf768686d7aa28ea64fbd538c1 (patch) | |
tree | 47ce9e0e052fc86d6e8678750d59527823536fc3 /docs/interfaces/macsec.rst | |
parent | da30b6ab9033f121a19a943f954e9e8f766c2599 (diff) | |
download | vyos-documentation-40ec6b742a5200cf768686d7aa28ea64fbd538c1.tar.gz vyos-documentation-40ec6b742a5200cf768686d7aa28ea64fbd538c1.zip |
macsec: add replay protection
Diffstat (limited to 'docs/interfaces/macsec.rst')
-rw-r--r-- | docs/interfaces/macsec.rst | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/docs/interfaces/macsec.rst b/docs/interfaces/macsec.rst index 33e72cfe..d7af0c16 100644 --- a/docs/interfaces/macsec.rst +++ b/docs/interfaces/macsec.rst @@ -55,6 +55,18 @@ individual peers. The peer with lower priority will become the key server and start distributing SAKs. +Replay protection +----------------- + +.. cfgcmd:: set interfaces macsec <interface> security replay-window <window> + + IEEE 802.1X/MACsec replay protection window. This determines a window in which + replay is tolerated, to allow receipt of frames that have been misordered by + the network. + + - ``0``: No replay window, strict check + - ``1-4294967295``: Number of packets that could be misordered + Operation ========= |