To configure a global MACsec connectivity association
Purpose
Perform this procedure to create a connectivity association for HSM key management.
Note: Before you can use an HSM for key management, you must add the HSM to the NFM-P configuration; see the procedure to add an HSM to the NFM-P in the NSP System Administrator Guide.
Note: The NFM-P does not store CAKs generated by an HSM.
Steps
1 |
Choose Manage → MACsec from the NFM-P main menu. The Manage MACsec form opens. |
2 |
Click Create → Connectivity Association, or choose a connectivity association and click Properties. The Connectivity Association (Create|Edit) form opens. Note: For 7705 SR, 7450 ESS, and 7950 XRS nodes only. For NFM-P 26.4 and later, or node releases 26.3 and later, the MKA Hello Interval and Key Server Priority attributes are listed in the General tab. For NFM-P releases earlier than 26.4, or node releases earlier than 26.3, the MKA Hello Interval and Key Server Priority attributes are listed in the Static CAK tab. |
3 |
Configure the required General parameters. |
4 |
In the Keying Parameters panel, configure the Key Source parameter. If you choose HSM, click the Select button and select an HSM. |
5 |
Configure the required parameters for Static CAK. |
6 |
Close the forms. End of steps |