OpenGrok

ip-macsec - MACsec device configuration "ip link add link " DEVICE " name " NAME " type macsec " [ [ address " <lladdr>" ] port " PORT" | sci " <u64>" ] [ cipher " { " default " | " gcm-aes-128 " } ] [" icvlen " ICVLEN" ] [ encrypt " { " on " | " off " } ] [" send_sci " { " on " | " off " } ] [" end_station " { " on " | " off " } ] [" scb " { " on " | " off " } ] [" protect " { " on " | " off " } ] [" replay " { " on " | " off " } ] [" window " WINDOW" ] [ validate " { " strict " | " check " | " disabled " } ] [" encodingsa " SA" ] "ip macsec add " DEV " tx sa" "{ " 0..3 " } [ " OPTS " ]" key " ID KEY" "ip macsec set " DEV " tx sa" "{ " 0..3 " } [ " OPTS " ]" "ip macsec del " DEV " tx sa" "{ " 0..3 " }" "ip macsec add " DEV " rx " SCI [ " on " | " off " ] "ip macsec set " DEV " rx " SCI [ " on " | " off " ] "ip macsec del " DEV " rx " SCI "ip macsec add " DEV " rx " SCI " sa" "{ " 0..3 " } [ " OPTS " ]" key " ID KEY" "ip macsec set " DEV " rx " SCI " sa" "{ " 0..3 " } [ " OPTS " ]" "ip macsec del " DEV " rx " SCI " sa" "{ " 0..3 " }" ip macsec show [ " DEV " ] OPTS " := [ " pn " { " 1..2^32-1 " } ] [" on " | " off " ]" SCI " := { " sci <u64> " | " port PORT address " <lladdr> " } PORT " := { " 1..2^16-1 " } " The ip macsec commands are used to configure transmit secure associations and receive secure channels and their secure associations on a MACsec device created with the ip link add command using the macsec type.

# ip link add link eth0 macsec0 type macsec port 11 encrypt on

 Configure a secure association on that device
# ip macsec add macsec0 tx sa 0 pn 1024 on key 01 81818181818181818181818181818181

 Configure a receive channel
# ip macsec add macsec0 rx port 1234 address c6:19:52:8f:e6:a0

 Configure a receive association
# ip macsec add macsec0 rx port 1234 address c6:19:52:8f:e6:a0 sa 0 pn 1 on key 00 82828282828282828282828282828282

 Display MACsec configuration
# ip macsec show
 SEE ALSO
 ip-link (8) 
 AUTHOR
Sabrina Dubroca <sd (at] queasysnail.net>