Tree - source-git/iproute - CentOS Git server

source-git / iproute

Blame man/man8/ip-macsec.8

Blob History Raw

Packit Service	3880ab	`.TH IP\-MACSEC 8 "07 Mar 2016" "iproute" "Linux"`
Packit Service	3880ab	`.SH NAME`
Packit Service	3880ab	`ip-macsec \- MACsec device configuration`
Packit Service	3880ab	`.SH "SYNOPSIS"`
Packit Service	3880ab	`.BI "ip link add link " DEVICE " name " NAME " type macsec "`
Packit Service	3880ab	`[ [`
Packit Service	3880ab	`.BI address " <lladdr>"`
Packit Service	3880ab	`]`
Packit Service	3880ab	`.BI port " PORT"`
Packit Service	3880ab	`\|`
Packit Service	3880ab	`.BI sci " <u64>"`
Packit Service	3880ab	`] [`
Packit Service	3880ab	`.BR cipher " { " default " \| " gcm-aes-128 " \| "gcm-aes-256" } ] ["`
Packit Service	3880ab	`.BI icvlen " ICVLEN"`
Packit Service	3880ab	`] [`
Packit Service	3880ab	`.BR encrypt " { " on " \| " off " } ] ["`
Packit Service	3880ab	`.BR send_sci " { " on " \| " off " } ] ["`
Packit Service	3880ab	`.BR end_station " { " on " \| " off " } ] ["`
Packit Service	3880ab	`.BR scb " { " on " \| " off " } ] ["`
Packit Service	3880ab	`.BR protect " { " on " \| " off " } ] ["`
Packit Service	3880ab	`.BR replay " { " on " \| " off " } ] ["`
Packit Service	3880ab	`.BI window " WINDOW"`
Packit Service	3880ab	`] [`
Packit Service	3880ab	`.BR validate " { " strict " \| " check " \| " disabled " } ] ["`
Packit Service	3880ab	`.BI encodingsa " SA"`
Packit Service	3880ab	`] [`
Packit Service	3880ab	`.BR offload " { " off " \| " phy " \| " mac " }"`
Packit Service	3880ab	`]`
Packit Service	3880ab
Packit Service	3880ab	`.BI "ip macsec add " DEV " tx sa"`
Packit Service	3880ab	`.RI "{ " 0..3 " } [ " OPTS " ]"`
Packit Service	3880ab	`.BI key " ID KEY"`
Packit Service	3880ab	`.br`
Packit Service	3880ab	`.BI "ip macsec set " DEV " tx sa"`
Packit Service	3880ab	`.RI "{ " 0..3 " } [ " OPTS " ]"`
Packit Service	3880ab	`.br`
Packit Service	3880ab	`.BI "ip macsec del " DEV " tx sa"`
Packit Service	3880ab	`.RI "{ " 0..3 " }"`
Packit Service	3880ab
Packit Service	3880ab	`.BI "ip macsec add " DEV " rx " SCI`
Packit Service	3880ab	`.RB [ " on " \| " off " ]`
Packit Service	3880ab	`.br`
Packit Service	3880ab	`.BI "ip macsec set " DEV " rx " SCI`
Packit Service	3880ab	`.RB [ " on " \| " off " ]`
Packit Service	3880ab	`.br`
Packit Service	3880ab	`.BI "ip macsec del " DEV " rx " SCI`
Packit Service	3880ab
Packit Service	3880ab	`.BI "ip macsec add " DEV " rx " SCI " sa"`
Packit Service	3880ab	`.RI "{ " 0..3 " } [ " OPTS " ]"`
Packit Service	3880ab	`.BI key " ID KEY"`
Packit Service	3880ab	`.br`
Packit Service	3880ab	`.BI "ip macsec set " DEV " rx " SCI " sa"`
Packit Service	3880ab	`.RI "{ " 0..3 " } [ " OPTS " ]"`
Packit Service	3880ab	`.br`
Packit Service	3880ab	`.BI "ip macsec del " DEV " rx " SCI " sa"`
Packit Service	3880ab	`.RI "{ " 0..3 " }"`
Packit Service	3880ab
Packit Service	3880ab	`.BI "ip macsec offload " DEV`
Packit Service	3880ab	`.RB "{ " off " \| " phy " \| " mac " }"`
Packit Service	3880ab
Packit Service	3880ab	`.B ip macsec show`
Packit Service	3880ab	`.RI [ " DEV " ]`
Packit Service	3880ab
Packit Service	3880ab	`.IR OPTS " := [ "`
Packit Service	3880ab	`.BR pn " { "`
Packit Service	3880ab	`.IR 1..2^32-1 " } ] ["`
Packit Service	3880ab	`.BR on " \| " off " ]"`
Packit Service	3880ab	`.br`
Packit Service	3880ab	`.IR SCI " := { "`
Packit Service	3880ab	`.B sci`
Packit Service	3880ab	`.IR <u64> " \| "`
Packit Service	3880ab	`.BI port`
Packit Service	3880ab	`.IR PORT`
Packit Service	3880ab	`.BI address " <lladdr> "`
Packit Service	3880ab	`}`
Packit Service	3880ab	`.br`
Packit Service	3880ab	`.IR PORT " := { " 1..2^16-1 " } "`
Packit Service	3880ab
Packit Service	3880ab
Packit Service	3880ab	`.SH DESCRIPTION`
Packit Service	3880ab	`The`
Packit Service	3880ab	`.B ip macsec`
Packit Service	3880ab	`commands are used to configure transmit secure associations and receive secure channels and their secure associations on a MACsec device created with the`
Packit Service	3880ab	`.B ip link add`
Packit Service	3880ab	`command using the`
Packit Service	3880ab	`.I macsec`
Packit Service	3880ab	`type.`
Packit Service	3880ab
Packit Service	3880ab	`.SH EXAMPLES`
Packit Service	3880ab	`.PP`
Packit Service	3880ab	`.SS Create a MACsec device on link eth0 (offload is disabled by default)`
Packit Service	3880ab	`.nf`
Packit Service	3880ab	`# ip link add link eth0 macsec0 type macsec port 11 encrypt on`
Packit Service	3880ab	`.PP`
Packit Service	3880ab	`.SS Configure a secure association on that device`
Packit Service	3880ab	`.nf`
Packit Service	3880ab	`# ip macsec add macsec0 tx sa 0 pn 1024 on key 01 81818181818181818181818181818181`
Packit Service	3880ab	`.PP`
Packit Service	3880ab	`.SS Configure a receive channel`
Packit Service	3880ab	`.nf`
Packit Service	3880ab	`# ip macsec add macsec0 rx port 1234 address c6:19:52:8f:e6:a0`
Packit Service	3880ab	`.PP`
Packit Service	3880ab	`.SS Configure a receive association`
Packit Service	3880ab	`.nf`
Packit Service	3880ab	`# ip macsec add macsec0 rx port 1234 address c6:19:52:8f:e6:a0 sa 0 pn 1 on key 00 82828282828282828282828282828282`
Packit Service	3880ab	`.PP`
Packit Service	3880ab	`.SS Display MACsec configuration`
Packit Service	3880ab	`.nf`
Packit Service	3880ab	`# ip macsec show`
Packit Service	3880ab	`.PP`
Packit Service	3880ab	`.SS Configure offloading on an interface`
Packit Service	3880ab	`.nf`
Packit Service	3880ab	`# ip macsec offload macsec0 phy`
Packit Service	3880ab	`.PP`
Packit Service	3880ab	`.SS Configure offloading upon MACsec device creation`
Packit Service	3880ab	`.nf`
Packit Service	3880ab	`# ip link add link eth0 macsec0 type macsec port 11 encrypt on offload mac`
Packit Service	3880ab
Packit Service	3880ab	`.SH NOTES`
Packit Service	3880ab	`This tool can be used to configure the 802.1AE keys of the interface. Note that 802.1AE uses GCM-AES`
Packit Service	3880ab	`with a initialization vector (IV) derived from the packet number. The same key must not be used`
Packit Service	3880ab	`with the same IV more than once. Instead, keys must be frequently regenerated and distibuted.`
Packit Service	3880ab	`This tool is thus mostly for debugging and testing, or in combination with a user-space application`
Packit Service	3880ab	`that reconfigures the keys. It is wrong to just configure the keys statically and assume them to work`
Packit Service	3880ab	`indefinitely. The suggested and standardized way for key management is 802.1X-2010, which is implemented`
Packit Service	3880ab	`by wpa_supplicant.`
Packit Service	3880ab
Packit Service	3880ab	`.SH SEE ALSO`
Packit Service	3880ab	`.br`
Packit Service	3880ab	`.BR ip-link (8)`
Packit Service	3880ab	`.BR wpa_supplicant (8)`
Packit Service	3880ab	`.SH AUTHOR`
Packit Service	3880ab	`Sabrina Dubroca <sd@queasysnail.net>`

source-git / iproute

Source Code

Blame man/man8/ip-macsec.8