mirror of
https://git.proxmox.com/git/mirror_iproute2
synced 2025-10-10 14:56:56 +00:00
89bb6e673a
since kernel driver has valid default values for 'cipher' and 'icvlen', there is no need for requiring users to specify both of them when a new link is added. Also, prompt an error message and exit with appropriate exit status in case of unsupported cipher suite. Signed-off-by: Davide Caratti <dcaratti@redhat.com>
104 lines
2.3 KiB
Groff
104 lines
2.3 KiB
Groff
.TH IP\-MACSEC 8 "07 Mar 2016" "iproute" "Linux"
|
|
.SH NAME
|
|
ip-macsec \- MACsec device configuration
|
|
.SH "SYNOPSIS"
|
|
.BI "ip link add link " DEVICE " name " NAME " type macsec "
|
|
[
|
|
.BI port " PORT"
|
|
|
|
|
.BI sci " SCI"
|
|
] [
|
|
.BR cipher " { " default " | " gcm-aes-128 " } ] ["
|
|
.BI icvlen " ICVLEN"
|
|
] [
|
|
.BR encrypt " { " on " | " off " } ] ["
|
|
.BR send_sci " { " on " | " off " } ] ["
|
|
.BR end_station " { " on " | " off " } ] ["
|
|
.BR scb " { " on " | " off " } ] ["
|
|
.BR protect " { " on " | " off " } ] ["
|
|
.BR replay " { " on " | " off " } ] ["
|
|
.BI window " WINDOW"
|
|
] [
|
|
.BR validate " { " strict " | " check " | " disabled " } ] ["
|
|
.BI encodingsa " SA"
|
|
]
|
|
|
|
.BI "ip macsec add " DEV " tx sa"
|
|
.RI "{ " 0..3 " } [ " OPTS " ]"
|
|
.BI key " ID KEY"
|
|
.br
|
|
.BI "ip macsec set " DEV " tx sa"
|
|
.RI "{ " 0..3 " } [ " OPTS " ]"
|
|
.br
|
|
.BI "ip macsec del " DEV " tx sa"
|
|
.RI "{ " 0..3 " }"
|
|
|
|
.BI "ip macsec add " DEV " rx " SCI
|
|
.RB [ " on " | " off " ]
|
|
.br
|
|
.BI "ip macsec set " DEV " rx " SCI
|
|
.RB [ " on " | " off " ]
|
|
.br
|
|
.BI "ip macsec del " DEV " rx " SCI
|
|
|
|
.BI "ip macsec add " DEV " rx " SCI " sa"
|
|
.RI "{ " 0..3 " } [ " OPTS " ]"
|
|
.BI key " ID KEY"
|
|
.br
|
|
.BI "ip macsec set " DEV " rx " SCI " sa"
|
|
.RI "{ " 0..3 " } [ " OPTS " ]"
|
|
.br
|
|
.BI "ip macsec del " DEV " rx " SCI " sa"
|
|
.RI "{ " 0..3 " }"
|
|
|
|
.B ip macsec show
|
|
.RI [ " DEV " ]
|
|
|
|
.IR OPTS " := [ "
|
|
.BR pn " { "
|
|
.IR 1..2^32-1 " } ] ["
|
|
.BR on " | " off " ]"
|
|
.br
|
|
.IR SCI " := { "
|
|
.B sci
|
|
.IR <u64> " | "
|
|
.BI port " <u16> " address " <lladdr> "
|
|
}
|
|
|
|
|
|
.SH DESCRIPTION
|
|
The
|
|
.B ip macsec
|
|
commands are used to configure transmit secure associations and receive secure channels and their secure associations on a MACsec device created with the
|
|
.B ip link add
|
|
command using the
|
|
.I macsec
|
|
type.
|
|
|
|
.SH EXAMPLES
|
|
.PP
|
|
.SS Create a MACsec device on link eth0
|
|
.nf
|
|
# ip link add link eth0 macsec0 type macsec port 11 encrypt on
|
|
.PP
|
|
.SS Configure a secure association on that device
|
|
.nf
|
|
# ip macsec add macsec0 tx sa 0 pn 1024 on key 01 81818181818181818181818181818181
|
|
.PP
|
|
.SS Configure a receive channel
|
|
.nf
|
|
# ip macsec add macsec0 rx port 1234 address c6:19:52:8f:e6:a0
|
|
.PP
|
|
.SS Configure a receive association
|
|
.nf
|
|
# ip macsec add macsec0 rx port 1234 address c6:19:52:8f:e6:a0 sa 0 pn 1 on key 00 82828282828282828282828282828282
|
|
.PP
|
|
.SS Display MACsec configuration
|
|
.nf
|
|
# ip macsec show
|
|
.SH SEE ALSO
|
|
.br
|
|
.BR ip-link (8)
|
|
.SH AUTHOR
|
|
Sabrina Dubroca <sd@queasysnail.net>
|