diff options
Diffstat (limited to 'docs/interfaces/macsec.rst')
| -rw-r--r-- | docs/interfaces/macsec.rst | 19 |
1 files changed, 14 insertions, 5 deletions
diff --git a/docs/interfaces/macsec.rst b/docs/interfaces/macsec.rst index d7af0c16..f841e17d 100644 --- a/docs/interfaces/macsec.rst +++ b/docs/interfaces/macsec.rst @@ -16,6 +16,16 @@ used for their own specific use cases. Configuration ############# +Common interface configuration +------------------------------ + +.. cmdinclude:: ../_include/interface-common-with-dhcp.txt + :var0: macsec + :var1: macsec0 + +MACsec specific options +----------------------- + .. cfgcmd:: set interfaces macsec <interface> security cipher [gcm-aes-128] Select cipher suite used for cryptographic operations. This setting is @@ -34,9 +44,8 @@ Configuration A physical interface is required to connect this MACsec instance to. Traffic leaving this interfac will now be authenticated/encrypted. - Key Management --------------- +^^^^^^^^^^^^^^ :abbr:`MKA (MACsec Key Agreement protocol)` is used to synchronize keys between individual peers. @@ -56,7 +65,7 @@ individual peers. distributing SAKs. Replay protection ------------------ +^^^^^^^^^^^^^^^^^ .. cfgcmd:: set interfaces macsec <interface> security replay-window <window> @@ -68,7 +77,7 @@ Replay protection - ``1-4294967295``: Number of packets that could be misordered Operation -========= +######### .. opcmd:: run generate macsec mka-cak @@ -115,7 +124,7 @@ Operation TXSC: 005056bfefaa0001 on SA 0 Examples -======== +######## * Two routers connected both via eth1 through an untrusted switch * R1 has 192.0.2.1/24 & 2001:db8::1/64 |