686
<Sysname> system-view
[Sysname] mka policy abcd
[Sysname-mka-policy-abcd] replay-protection enable
Related commands
macsec replay-protection enable
mka apply policy
replay-protection window-size
replay-protection window-size
Use
replay-protection window-size
to set the MACsec replay protection window size in an MKA
policy.
Use
undo replay-protection window-size
to restore the default.
Syntax
replay-protection window-size size-value
undo replay-protection window-size
Default
The MACsec replay protection window size in an MKA policy is 0. Frames are accepted only in the
correct order.
Views
MKA policy view
Predefined user roles
network-admin
mdc-admin
Parameters
size-value
: Specifies the replay protection window size, in the range of 0 to 4294967295 frames.
Usage guidelines
The MACsec replay protection window size allows a MACsec port to accept a number of out-of-order
inbound frames.
Suppose the replay protection window size is
a
on a port. After the port receives a packet with PN
x
,
it can accept only packets whose PN is greater than or equal to
x-a
.
The replay protection window size takes effect only when the replay protection feature is enabled on
the port.
Set a replay protection window size based on the forwarding path of frames. If the frames might be
forwarded multiple times, set a large replay protection window size.
When an MKA policy is applied to a port, the replay protection window size in the policy overwrites
the window size already configured on the port.
Examples
# Set the MACsec replay protection window size to 100 in MKA policy
abcd
.
<Sysname> system-view
[Sysname] mka policy abcd
[Sysname-mka-policy-abcd] replay-protection window-size 100