Operate and maintain
Documents under this category provide functional descriptions and procedures for configuring, operating, and maintaining 7705 SAR software.
- Basic System Configuration Guide
  This guide provides an overview of the CLI and describes 7705 SAR boot options file (BOF) configuration, file system management, and basic system management such as node timing and synchronization.
- Interface Configuration Guide
  This guide describes the functionality of the 7705 SAR cards, modules, and ports and how to configure these components.
- MPLS Guide
  This guide describes how to configure MPLS, RSVP-TE, PCEP, and LDP protocols on the 7705 SAR.
- Quality of Service Guide
  This guide describes the Quality of Service (QoS) functionality provided by the 7705 SAR and how to configure and implement QoS on the router.
- Router Configuration Guide
  This guide describes how to configure logical IP routing interfaces, VRRP filtering, routing policies, and the cflowd tool on the 7705 SAR.
- Routing Protocols Guide
  This guide describes how to configure unicast routing protocols (OSFP, IS-IS, BGP, RIP) and multicast routing protocols (IGMP, MLD, PIM, MSDP) supported on the 7705 SAR.
- Services Guide
  This guide describes how to configure service parameters such as service access points (SAPs) and service destination points (SDPs), Layer 2 and Layer 3 services, security functions (IPSec), and encryption functions (NGE) on the 7705 SAR.
- System Management Guide
  This guide describes how to configure system security and access features, SNMP functionality, and event and accounting logs on the 7705 SAR.

ANYsec overview

Nokia ANYsec uses the IEEE 802.1AE (MACsec) standard in its datapath encryption engine and IEEE 802.1x (dot1x/MKA) as its control plane signaling protocol. ANYsec uses the user-configured MACsec connectivity association (CA) with a set of pre-shared keys (PSKs), the same way MACsec does, to negotiate datapath keys between two or more peers.

The following is a high-level overview of the ANYsec encryption process.

1. The user configures the ANYsec-specific CA, which supports the exclusive use of the CA with ANYsec encryption.

config>macsec>connectivity-association>anysec

2. The MACsec key agreement (MKA) key server generates the datapath security association keys (SAKs) locally on the 7705 SAR. The user configures the key-server selection priority using the mka-key-server-priority command.

3. The MKA uses CMAC-AES-128/256 to encrypt the SAKs using PSK and distributes the SAKs.

4. ANYsec modifies the MKA for transport over IP/UDP (described in more detail in later topics). MKA distributes the SAKs between peers, and ANYsec uses the SAKs to encrypt and decrypt the MPLS payload via the IEEE 802.1AE standard using the encryption engine.

The following figure shows a high-level implementation of ANYsec in a network.

Figure 1. ANYsec high-level implementation

October 29, 2025