Configuring MACsec
Command or Action
Step 4
(Optional) copy running-config startup-config
Example:
switch(config-if)# copy running-config
startup-config
Configuring a MACsec Policy
You can create multiple MACsec policies with different parameters. However, only one policy can be active
on an interface.
Note
Dynamic changes are not allowed to the MACsec policy once the policy is enabled under the interface.
Before you begin
Make sure that MACsec is enabled.
SUMMARY STEPS
1.
2.
3.
4.
5.
6.
7.
8.
9.
10.
DETAILED STEPS
Command or Action
Step 1
configure terminal
Example:
switch# configure terminal
switch(config)#
configure terminal
macsec policy name
cipher-suite name
key-server-priority number
security-policy name
window-size number
sak-expiry-time time
conf-offset name
(Optional) show macsec policy
(Optional) copy running-config startup-config
Cisco Nexus 9000 Series NX-OS Security Configuration Guide, Release 9.x
Purpose
The command must be entered exactly the same
Note
as the existing configuration command for the
interface, except for the fallback keychain name.
See
Configuring a MACsec Keychain and
Copies the running configuration to the startup
configuration.
Purpose
Enters global configuration mode.
Configuring a MACsec Policy
Keys.
509