Workflow to configure MACsec
Stages
1 |
Verify that the discovery rule for each participating NE includes an SSH2 security access mediation policy; see To configure a discovery rule. |
2 |
Create a global MACsec connectivity association; see To configure a global MACsec connectivity association. |
3 |
Create a local MACsec connectivity association; see To configure a local connectivity association. |
4 |
Create a global PSK; see To create a global PSK. |
5 |
Create a rekeying schedule; see To configure a rekeying schedule. |
6 |
Add interfaces to the MACsec connectivity association; see To add an interface to a MACsec connectivity association. After MACsec interfaces are added, the NE establishes an MKA session, discovers MACsec peers, and begins encrypting traffic between peers. |