...
| Workflow | |
|---|---|
| 1- Exchange pre-shared key: CKN + CAK | CKN or Connectivity Association Name |
| (same bot end) | CAK or Connectivity Association Key |
| >> Secure channel created for exchange of the SAK | |
| One will become the Key-server | use the MKA Macsec Key Agreement Protocol |
| 2- key-server will send the SAK | SAK or Security Association key |
| Data encryption | using the SAK to encrypt traffic |
3- +8 Byte Header +16 Byte trail MTU + 32 Bytes to the Mac frameframe | |
| Check License | |
|---|---|
| show system license | match macsec | |
| Configuration | |
| CAK or Connectivity Association Key | set security macsec ca1 security-mode static-cak |
| Enter the key or CAK | set security macsec ca1 pre-shared-key ckn <key is a long hex number> |