From 04d03f5bdd262bbf95f09e6ba3f211ab1d459573 Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Thu, 21 May 2020 10:43:44 +0200 Subject: macsec: T2023: add optional encryption command By default MACsec only authenticates traffic but has support for optional encryption. Encryption can now be enabled using: set interfaces macsec encrypt --- python/vyos/ifconfig/macsec.py | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) (limited to 'python') diff --git a/python/vyos/ifconfig/macsec.py b/python/vyos/ifconfig/macsec.py index cea3f8d13..1829df4ab 100644 --- a/python/vyos/ifconfig/macsec.py +++ b/python/vyos/ifconfig/macsec.py @@ -50,12 +50,17 @@ class MACsecIf(Interface): """ # create tunnel interface cmd = 'ip link add link {source_interface} {ifname} type {type}' - cmd += ' cipher {cipher} encrypt on' + cmd += ' cipher {cipher}' self._cmd(cmd.format(**self.config)) # interface is always A/D down. It needs to be enabled explicitly self.set_admin_state('down') + def set_encryption(self, on_off): + ifname = self.config['ifname'] + cmd = f'ip link set {ifname} type macsec encrypt {on_off}' + return self._cmd(cmd) + @staticmethod def get_config(): """ -- cgit v1.2.3