summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorChristian Poessinger <christian@poessinger.com>2020-05-21 11:07:19 +0200
committerChristian Poessinger <christian@poessinger.com>2020-05-21 11:59:08 +0200
commit576951171b25bf3f5427c45e40bd540105f558b3 (patch)
treebcfc55eabae64910ae0d2fbc98095fb66688b527 /src
parent4a0c0b4e041d9f42d0b1fbfa3a259e76707338cb (diff)
downloadvyos-1x-576951171b25bf3f5427c45e40bd540105f558b3.tar.gz
vyos-1x-576951171b25bf3f5427c45e40bd540105f558b3.zip
macsec: T2023: cipher suite is mandatory
Diffstat (limited to 'src')
-rwxr-xr-xsrc/conf_mode/interfaces-macsec.py6
1 files changed, 5 insertions, 1 deletions
diff --git a/src/conf_mode/interfaces-macsec.py b/src/conf_mode/interfaces-macsec.py
index 874fd6d62..867df3eb6 100755
--- a/src/conf_mode/interfaces-macsec.py
+++ b/src/conf_mode/interfaces-macsec.py
@@ -29,7 +29,7 @@ from vyos import ConfigError
default_config_data = {
'address': [],
'address_remove': [],
- 'cipher': 'gcm-aes-128',
+ 'cipher': '',
'deleted': False,
'description': '',
'disable': False,
@@ -111,6 +111,10 @@ def verify(macsec):
raise ConfigError((
f'Physical source interface must be set for MACsec "{macsec["intf"]}"'))
+ if not macsec['cipher']:
+ raise ConfigError((
+ f'Cipher suite is mandatory for MACsec "{macsec["intf"]}"'))
+
if macsec['vrf']:
if macsec['vrf'] not in interfaces():
raise ConfigError(f'VRF "{macsec["vrf"]}" does not exist')