MACsec management module.
A MACsec profile contains the configuration required to set up a MACsec session. A profile contains a primary key and a fallback key. Each key contains a connectivity association key name (CKN) and a connectivity association key (CAK). Both the CKN and the CAK must be nonzero hex strings, and the CKN of the primary and fallback key cannot be the same.
Note: A valid MACsec license must be configured for this API to work.
The following is an example of configuring a MACsec profile and attaching it to an interface.
    // Creating profile "test1" with a primary and fallback key
    // and a rekey period of 300s
    eos::macsec_profile_t profile("test1");
    eos::macsec_key_t primary;
    primary.ckn_is("aaaa");
    primary.cak_is("123");
    eos::macsec_key_t fallback;
    fallback.ckn_is("bbbb");
    fallback.cak_is("234");
    profile.primary_key_is(primary);
    profile.fallback_key_is(fallback);
    profile.rekey_period_is(300);

    // writing profile 'test1'
    get_macsec_mgr()->profile_set(profile);

    // attaching the new profile 'test1' to interface Ethernet1/1
    eos::intf_id_t intfId("Ethernet1/1");
    get_macsec_mgr()->intf_profile_is(intfId, "test1");
This handler provides notifications when the MACsec status of an interface changes.
Public Functions
Registers this class to receive change updates on all interfaces.
Expects a boolean signifying whether notifications should be propagated to this instance or not.
Registers this class to receive change updates on the given interface.
Expects the id of the corresponding interface and a boolean signifying whether notifications should be propagated to this instance or not.
Called when the key status of a MACsec interface changes.
The MACsec manager. This class inspects and configures MACsec profiles.
Public Functions
Returns whether or not a profile with the given name exists.
Returns the macsec_profile_t with the given name. If no such profile exists, then return an empty profile with nothing configured.
Writes the given profile to MACsec config. If a profile with the given name already exists, update it with the configuration from the given macsec_profile_t. An unencoded input CAK will be encoded if the macsec_key_t's encoded attribute is set to false.
Deletes the profile with the given name if such a profile exists.
Returns the profile name of the profile attached to the interface. If there is no profile configured, return an empty string.
Configures the given interface to use the given MACsec profile. An interface can only have one MACsec profile applied at a time. Applying a new profile to an interface which is already associated with a different profile will overwrite the previous profile. If an empty string is provided as profile name, any existing profile will be removed.
Returns an object containing MACsec related status information of the given interface.
Returns whether or not an interface supports MACsec.
Enums
Cipher suite used for MACsec.
Values:
Which key an interface is using if a profile is configured.
Values:
A connectivity association key.
Public Functions
Getter for ‘cak’: connectivity association key (CAK). CAK is a hex string.
Setter for ‘cak’.
Getter for ‘ckn’: connectivity association key name (CKN). CKN is a hex string.
Setter for ‘ckn’.
Getter for ‘encoded’: whether or not the CAK has been encoded.
Setter for ‘encoded’.
The hash function for type macsec_key_t.
Returns a string representation of the current object’s values.
Friends
A utility stream operator that adds a string representation of macsec_key_t to the ostream.
A MACsec profile which can be attached to an interface.
Public Functions
Getter for ‘name’: the name of the profile.
Setter for ‘name’.
Getter for ‘primary_key’: the primary key, which is represented by a CKN and an associated CAK.
Setter for ‘primary_key’.
Getter for ‘fallback_key’: the fallback, or default, key, which is used when the primary is not successful.
Setter for ‘fallback_key’.
Getter for ‘key_server_priority’: MACsec Key Agreement (MKA) protocol key server priority. 255 is the highest priority.
Setter for ‘key_server_priority’.
Getter for ‘rekey_period’: MKA session re-key period in seconds.
Setter for ‘rekey_period’.
Getter for ‘cipher’: which encryption standard to use.
Setter for ‘cipher’.
Getter for ‘dot1x’: if set, derive MAC security keys from IEEE 802.1X based port authentication. This will be disabled if a key is provided manually.
Setter for ‘dot1x’.
Getter for ‘include_sci’: if set, include secure channel identifier (SCI) in data packets.
Setter for ‘include_sci’.
Getter for ‘bypass_lldp’: if set, transmit/receive LLDP frames without protection.
Setter for ‘bypass_lldp’.
Getter for ‘allow_unprotected’: if set, allow transmit/receive without MAC security protection.
Setter for ‘allow_unprotected’.
Getter for ‘replay_protection’: if set, enable replay protection.
Setter for ‘replay_protection’.
Getter for ‘replay_protection_window’: replay protection window size.
Setter for ‘replay_protection_window’.
The hash function for type macsec_profile_t.
Returns a string representation of the current object’s values.
Friends
A utility stream operator that adds a string representation of macsec_profile_t to the ostream.
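A pre-flight check for the key rules stated at the top of this page (CKN and CAK nonzero hex strings, primary and fallback CKN different) and for the profile attributes that relax protection (allow_unprotected, bypass_lldp, replay_protection). This is an added example, not part of the SDK: KeyCfg, ProfileCfg, nonzero_hex, lower and check_profile are hypothetical stand-ins that mirror the attribute names above so the block compiles without the EOS headers. It assumes both keys are configured statically rather than derived through dot1x.

```cpp
// Added example; KeyCfg/ProfileCfg are hypothetical stand-ins, not eos:: types.
#include <algorithm>
#include <cctype>
#include <iostream>
#include <string>
#include <vector>
struct KeyCfg { std::string ckn, cak; };
struct ProfileCfg {               // defaults are this example's, not the SDK's
   KeyCfg primary, fallback;
   bool allow_unprotected = false;
   bool bypass_lldp = false;
   bool replay_protection = true;
};
// Assumption: "nonzero hex string" = non-empty, hex digits only, not all '0'.
bool nonzero_hex(const std::string& s) {
   bool hex = std::all_of(s.begin(), s.end(),
      [](unsigned char c) { return std::isxdigit(c) != 0; });
   bool nonzero = std::any_of(s.begin(), s.end(), [](char c) { return c != '0'; });
   return hex && nonzero;         // empty string: any_of is false, so rejected
}
// Assumption: CKNs are compared case-insensitively ("AAAA" equals "aaaa").
std::string lower(std::string s) {
   std::transform(s.begin(), s.end(), s.begin(),
      [](unsigned char c) { return static_cast<char>(std::tolower(c)); });
   return s;
}

std::vector<std::string> check_profile(const ProfileCfg& p) {
   std::vector<std::string> out;
   auto key = [&out](const std::string& which, const KeyCfg& k) {
      if (!nonzero_hex(k.ckn)) out.push_back("error: " + which + " CKN is not a nonzero hex string");
      if (!nonzero_hex(k.cak)) out.push_back("error: " + which + " CAK is not a nonzero hex string");
   };
   key("primary", p.primary);
   key("fallback", p.fallback);
   if (lower(p.primary.ckn) == lower(p.fallback.ckn))
      out.push_back("error: primary and fallback CKN are the same");
   if (p.allow_unprotected) out.push_back("warn: allow_unprotected permits unprotected traffic");
   if (p.bypass_lldp) out.push_back("warn: bypass_lldp leaves LLDP frames unprotected");
   if (!p.replay_protection) out.push_back("warn: replay_protection is disabled");
   return out;
}

int main() {                      // key values from the page's "test1" example
   ProfileCfg p;
   p.primary = {"aaaa", "123"};
   p.fallback = {"bbbb", "234"};
   for (const auto& line : check_profile(p)) std::cout << line << "\n";
}
```

The key values from the "test1" example produce no findings; each "error" line marks a profile that breaks a rule stated on this page, each "warn" line an attribute worth reviewing before the profile is written.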
Information regarding the MACsec status of an interface.
Public Functions
The hash function for type macsec_intf_status_t.
Returns a string representation of the current object’s values.
Friends
A utility stream operator that adds a string representation of macsec_intf_status_t to the ostream.
MACsec interface counters class.
Public Functions
The hash function for type macsec_intf_counters_t.
Returns a string representation of the current object’s values.
Friends
A utility stream operator that adds a string representation of macsec_intf_counters_t to the ostream.