1748251 Members
3600 Online
108760 Solutions
New Discussion

Mac Sec issue

 
declan2777
Frequent Advisor

Mac Sec issue

Hi there,

I am wondering 2 things; 

1: how to configure Mac sec on trunk ports etc. I have configured it and attached below;

port link-mode bridge
description *** not used ***
port link-type trunk
port trunk permit vlan all
macsec desire
macsec confidentiality-offset 30
macsec replay-protection window-size 10
macsec validation mode strict
mka enable
mka priority 5
mka psk ckn E9AC cak cipher $c$3$FNy6nktfPDqg3Sj40WOP+6s7rULu/nXAAqyO
port link-aggregation group 999

is above correct?

2: On the interface it has; "Line protocol state: DOWN(LAGG, MACSEC) what is the possible issue?

 

Many thanks in advance

 

1 REPLY 1
Ivan_B
HPE Pro

Re: Mac Sec issue

Hi @declan2777 !

Could you let me know the following:

1. What are the switches/modules you use for MACsec? I need information from both devices - model number of the switches and software version.

2. Have you checked if MACsec settings match on both sides?

3. Have you tried to remove MACsec from BAGG999's ports? Will aggretation work without MACsec?

4. Do you use dynamic (LACP) or static aggregation?

 

I am an HPE employee

Accept or Kudo