SA limits and network design

MACsec is supported on the 6-port Ethernet 10Gbps Adapter card, version 2. The card has two MACsec PHY devices, referred to as MACsec security zones.

In accordance with the IEEE 802.1AE standard, each SecY contains a security channel (SC). An SC is unidirectional: it is either an Rx-SC or a Tx-SC. Each SC contains at least one SA, used for encryption on a Tx-SC and for decryption on an Rx-SC. For extra security, each SC should be able to roll over the SA. The system allocates resources for two SAs on each SC for rollover purposes, as defined in the standard. An SA is the key used to encrypt or decrypt the data.

On the 6-port Ethernet 10Gbps Adapter card, version 2, one MACsec PHY device has ports 1, 2, 3, and 4. Each port is mapped to its own security zone: port 1 maps to security zone 1, port 2 maps to security zone 2, port 3 maps to security zone 3, and port 4 maps to security zone 4. Each port, and therefore each zone, supports 8 Tx-SCs and 8 Rx-SCs, resulting in 16 Tx-SAs and 16 Rx-SAs.

The other MACsec PHY device on the 6-port Ethernet 10Gbps Adapter card, version 2, has ports 5 and 6. Ports 5 and 6 both map to security zone 5. Security zone 5 supports 32 Tx-SCs and 32 Rx-SCs, resulting in 64 Tx-SAs and 64 Rx-SAs. Each port in security zone 5 is limited to a maximum of 32 Tx-SCs and 32 Rx-SCs.
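The following added example (not vendor code) checks a planned SC allocation against the limits stated above. The function name `check_plan` and the plan data are constructed for illustration, and the code assumes that the zone 5 figures are a pool shared by ports 5 and 6.

```python
from collections import defaultdict

SAS_PER_SC = 2  # two SAs are allocated per SC for rollover
PORT_ZONE = {1: 1, 2: 2, 3: 3, 4: 4, 5: 5, 6: 5}   # port -> security zone
ZONE_SC_LIMIT = {1: 8, 2: 8, 3: 8, 4: 8, 5: 32}     # per direction (Tx or Rx)
DIRECTIONS = ("Tx", "Rx")


def check_plan(plan):
    """Validate a constructed plan {port: (tx_scs, rx_scs)}.

    Returns (violations, sa_usage), where sa_usage maps each zone to the
    (Tx-SA, Rx-SA) count the plan would consume.
    """
    violations = []
    zone_use = defaultdict(lambda: [0, 0])
    zone_ports = defaultdict(set)
    for port, counts in sorted(plan.items()):
        zone = PORT_ZONE.get(port)
        if zone is None:
            violations.append(f"port {port}: no MACsec security zone")
            continue
        zone_ports[zone].add(port)
        for i, n in enumerate(counts):
            # Per-port cap equals the zone figure (8 for ports 1-4, 32 for 5-6).
            if n > ZONE_SC_LIMIT[zone]:
                violations.append(
                    f"port {port}: {n} {DIRECTIONS[i]}-SCs > {ZONE_SC_LIMIT[zone]}")
            zone_use[zone][i] += n
    for zone, use in sorted(zone_use.items()):
        # Only a zone shared by several ports can overflow while every
        # port stays within its own cap (assumed reading of zone 5).
        if len(zone_ports[zone]) > 1:
            for i, n in enumerate(use):
                if n > ZONE_SC_LIMIT[zone]:
                    violations.append(
                        f"zone {zone}: {n} {DIRECTIONS[i]}-SCs > {ZONE_SC_LIMIT[zone]}")
    sa_usage = {z: (u[0] * SAS_PER_SC, u[1] * SAS_PER_SC)
                for z, u in zone_use.items()}
    return violations, sa_usage


if __name__ == "__main__":
    # Constructed design: ports 5 and 6 each fit alone, but not together.
    plan = {1: (8, 8), 5: (20, 20), 6: (20, 12)}
    problems, sas = check_plan(plan)
    print(problems)
    print(sas)
```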