diff options
| author | Christian Poessinger <christian@poessinger.com> | 2020-05-21 10:43:44 +0200 |
|---|---|---|
| committer | Christian Poessinger <christian@poessinger.com> | 2020-05-21 11:59:08 +0200 |
| commit | 04d03f5bdd262bbf95f09e6ba3f211ab1d459573 (patch) | |
| tree | 72ab35b2d9aa5df32711a99948df0937a13ad66f /python | |
| parent | 5038eb5856b809f339e14dd932dd64fb1204eefc (diff) | |
| download | vyos-1x-04d03f5bdd262bbf95f09e6ba3f211ab1d459573.tar.gz vyos-1x-04d03f5bdd262bbf95f09e6ba3f211ab1d459573.zip | |
macsec: T2023: add optional encryption command
By default MACsec only authenticates traffic but has support for optional
encryption. Encryption can now be enabled using:
set interfaces macsec <interface> encrypt
Diffstat (limited to 'python')
| -rw-r--r-- | python/vyos/ifconfig/macsec.py | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/python/vyos/ifconfig/macsec.py b/python/vyos/ifconfig/macsec.py index cea3f8d13..1829df4ab 100644 --- a/python/vyos/ifconfig/macsec.py +++ b/python/vyos/ifconfig/macsec.py @@ -50,12 +50,17 @@ class MACsecIf(Interface): """ # create tunnel interface cmd = 'ip link add link {source_interface} {ifname} type {type}' - cmd += ' cipher {cipher} encrypt on' + cmd += ' cipher {cipher}' self._cmd(cmd.format(**self.config)) # interface is always A/D down. It needs to be enabled explicitly self.set_admin_state('down') + def set_encryption(self, on_off): + ifname = self.config['ifname'] + cmd = f'ip link set {ifname} type macsec encrypt {on_off}' + return self._cmd(cmd) + @staticmethod def get_config(): """ |