Workflow to configure MACsec

Stages
 

Verify that the discovery rule for each participating NE includes an SSH2 security access mediation policy; see To configure a discovery rule.


Create a global MACsec connectivity association; see To configure a global MACsec connectivity association.


Create a local MACsec connectivity association; see To configure a local connectivity association.


Create a global PSK; see To create a global PSK.


Create a rekeying schedule; see To configure a rekeying schedule.


Add interfaces to the MACsec connectivity association; see To add an interface to a MACsec connectivity association.

After MACsec interfaces are added, the NE establishes an MKA session, discovers MACsec peers, and begins encrypting traffic between peers.