diff options
| author | Christian Poessinger <christian@poessinger.com> | 2022-08-04 20:55:25 +0200 |
|---|---|---|
| committer | Christian Poessinger <christian@poessinger.com> | 2022-08-04 20:55:25 +0200 |
| commit | 0943ac00412b0049b7a20a54e27e7b8025726598 (patch) | |
| tree | 8ed42d9bd9e9019f5fd351f82a84cbb6680e639f /data | |
| parent | e19889adf8cef101d85a279055271a68b078ec73 (diff) | |
| download | vyos-1x-0943ac00412b0049b7a20a54e27e7b8025726598.tar.gz vyos-1x-0943ac00412b0049b7a20a54e27e7b8025726598.zip | |
macsec: T4537: macsec_csindex can be set even without encryption
Diffstat (limited to 'data')
| -rw-r--r-- | data/templates/macsec/wpa_supplicant.conf.j2 | 12 |
1 files changed, 6 insertions, 6 deletions
diff --git a/data/templates/macsec/wpa_supplicant.conf.j2 b/data/templates/macsec/wpa_supplicant.conf.j2 index d2529c50d..1f7ba16f4 100644 --- a/data/templates/macsec/wpa_supplicant.conf.j2 +++ b/data/templates/macsec/wpa_supplicant.conf.j2 @@ -47,6 +47,12 @@ network={ # 1: Integrity only macsec_integ_only={{ '0' if security.encrypt is vyos_defined else '1' }} + # macsec_csindex: IEEE 802.1X/MACsec cipher suite + # 0 = GCM-AES-128 + # 1 = GCM-AES-256 +{# security.cipher is a mandatory key #} + macsec_csindex={{ '1' if security.cipher is vyos_defined('gcm-aes-256') else '0' }} + {% if security.encrypt is vyos_defined %} # mka_cak, mka_ckn, and mka_priority: IEEE 802.1X/MACsec pre-shared key mode # This allows to configure MACsec with a pre-shared key using a (CAK,CKN) pair. @@ -62,12 +68,6 @@ network={ # mka_priority (Priority of MKA Actor) is in 0..255 range with 255 being # default priority mka_priority={{ security.mka.priority }} - - # macsec_csindex: IEEE 802.1X/MACsec cipher suite - # 0 = GCM-AES-128 - # 1 = GCM-AES-256 -{# security.cipher is a mandatory key #} - macsec_csindex={{ '1' if security.cipher is vyos_defined('gcm-aes-256') else '0' }} {% endif %} {% if security.replay_window is vyos_defined %} |