IP-MACSEC(8)                         Linux                         IP-MACSEC(8)

NAME
       ip-macsec - MACsec device configuration

SYNOPSIS
       ip link add link DEVICE name NAME type macsec [ [ address <lladdr> ]
       port PORT | sci <u64> ] [ cipher { default | gcm-aes-128 } ] [ icvlen
       ICVLEN ] [ encrypt { on | off } ] [ send_sci { on | off } ] [
       end_station { on | off } ] [ scb { on | off } ] [ protect { on | off } ]
       [ replay { on | off } ] [ window WINDOW ] [ validate { strict | check |
       disabled } ] [ encodingsa SA ]

       ip macsec add DEV tx sa { 0..3 } [ OPTS ] key ID KEY
       ip macsec set DEV tx sa { 0..3 } [ OPTS ]
       ip macsec del DEV tx sa { 0..3 }

       ip macsec add DEV rx SCI [ on | off ]
       ip macsec set DEV rx SCI [ on | off ]
       ip macsec del DEV rx SCI

       ip macsec add DEV rx SCI sa { 0..3 } [ OPTS ] key ID KEY
       ip macsec set DEV rx SCI sa { 0..3 } [ OPTS ]
       ip macsec del DEV rx SCI sa { 0..3 }

       ip macsec show [ DEV ]

       OPTS := [ pn { 1..2^32-1 } ] [ on | off ]
       SCI := { sci <u64> | port PORT address <lladdr> }
       PORT := { 1..2^16-1 }

DESCRIPTION
       The ip macsec commands are used to configure transmit secure
       associations and receive secure channels and their secure associations
       on a MACsec device created with the ip link add command using the
       macsec type.

EXAMPLES
       Create a MACsec device on link eth0
              # ip link add link eth0 macsec0 type macsec port 11 encrypt on

       Configure a secure association on that device
              # ip macsec add macsec0 tx sa 0 pn 1024 on key 01 81818181818181818181818181818181

       Configure a receive channel
              # ip macsec add macsec0 rx port 1234 address c6:19:52:8f:e6:a0

       Configure a receive association
              # ip macsec add macsec0 rx port 1234 address c6:19:52:8f:e6:a0 sa 0 pn 1 on key 00 82828282828282828282828282828282

       Display MACsec configuration
              # ip macsec show

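       The examples above configure one host only. The following sketch, added
       here and not part of the iproute2 manual, prints the mirrored commands
       for both peers: each host's tx key is the other's rx key, and each rx
       channel names the peer's address and port. The MAC addresses, key IDs
       and the helper names gen_key, macsec_sci and peer_cmds are assumptions;
       the SCI layout (MAC address followed by the 16-bit port) is the IEEE
       802.1AE one.

```shell
#!/bin/sh
# Added example, not from the iproute2 manual. It only prints commands;
# nothing is applied to the kernel. Helper names are hypothetical.

# Fresh 128-bit key (32 hex digits) for gcm-aes-128, from the kernel CSPRNG.
gen_key() {
    od -An -N16 -tx1 /dev/urandom | tr -d ' \n'
}

# SCI as 16 hex digits: MAC address followed by the 16-bit port
# (IEEE 802.1AE layout). usage: macsec_sci ADDRESS PORT
macsec_sci() {
    printf '%s%04x\n' "$(printf '%s' "$1" | tr -d ':' | tr 'A-F' 'a-f')" "$2"
}

# Commands for one host.
# usage: peer_cmds LINK PORT TX_ID TX_KEY PEER_ADDR PEER_PORT RX_ID RX_KEY
peer_cmds() {
    echo "ip link add link $1 name macsec0 type macsec port $2 encrypt on"
    echo "ip macsec add macsec0 tx sa 0 pn 1 on key $3 $4"
    echo "ip macsec add macsec0 rx port $6 address $5"
    echo "ip macsec add macsec0 rx port $6 address $5 sa 0 pn 1 on key $7 $8"
    echo "ip link set macsec0 up"
}

# Constructed sample values (locally administered MAC addresses).
A_MAC=02:00:00:00:00:0a
B_MAC=02:00:00:00:00:0b
KEY_AB=$(gen_key)   # protects traffic A -> B
KEY_BA=$(gen_key)   # protects traffic B -> A

echo "# host A (rx channel SCI $(macsec_sci "$B_MAC" 11))"
peer_cmds eth0 11 01 "$KEY_AB" "$B_MAC" 11 02 "$KEY_BA"
echo "# host B (rx channel SCI $(macsec_sci "$A_MAC" 11))"
peer_cmds eth0 11 02 "$KEY_BA" "$A_MAC" 11 01 "$KEY_AB"
```

       Keys passed on the command line are visible in shell history and
       process listings. Static associations like these must also be rekeyed
       by hand before the 32-bit pn is exhausted.
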
SEE ALSO
       ip-link(8)

AUTHOR
       Sabrina Dubroca <sd@queasysnail.net>

iproute                           07 Mar 2016                      IP-MACSEC(8)