[mirror_iproute2.git] / man / man8 / ip-macsec.8

.TH IP\-MACSEC 8 "07 Mar 2016" "iproute" "Linux"
.SH NAME
ip-macsec \- MACsec device configuration
.SH "SYNOPSIS"
.BI "ip link add link " DEVICE " name " NAME " type macsec "
[ [
.BI address " <lladdr>"
]
.BI port " PORT"
|
.BI sci " <u64>"
] [
.BR cipher " { " default " | " gcm-aes-128 " } ] ["
.BI icvlen " ICVLEN"
] [
.BR encrypt " { " on " | " off " } ] ["
.BR send_sci " { " on " | " off " } ] ["
.BR end_station " { " on " | " off " } ] ["
.BR scb " { " on " | " off " } ] ["
.BR protect " { " on " | " off " } ] ["
.BR replay " { " on " | " off " } ] ["
.BI window " WINDOW"
] [
.BR validate " { " strict " | " check " | " disabled " } ] ["
.BI encodingsa " SA"
]

.BI "ip macsec add " DEV " tx sa"
.RI "{ " 0..3 " } [ " OPTS " ]"
.BI key " ID KEY"
.br
.BI "ip macsec set " DEV " tx sa"
.RI "{ " 0..3 " } [ " OPTS " ]"
.br
.BI "ip macsec del " DEV " tx sa"
.RI "{ " 0..3 " }"

.BI "ip macsec add " DEV " rx " SCI
.RB [ " on " | " off " ]
.br
.BI "ip macsec set " DEV " rx " SCI
.RB [ " on " | " off " ]
.br
.BI "ip macsec del " DEV " rx " SCI

.BI "ip macsec add " DEV " rx " SCI " sa"
.RI "{ " 0..3 " } [ " OPTS " ]"
.BI key " ID KEY"
.br
.BI "ip macsec set " DEV " rx " SCI " sa"
.RI "{ " 0..3 " } [ " OPTS " ]"
.br
.BI "ip macsec del " DEV " rx " SCI " sa"
.RI "{ " 0..3 " }"

.B ip macsec show
.RI [ " DEV " ]

.IR OPTS " := [ "
.BR pn " { "
.IR 1..2^32-1 " } ] ["
.BR on " | " off " ]"
.br
.IR SCI " := { "
.B sci
.IR <u64> " | "
.BI port
.IR PORT
.BI address " <lladdr> "
}
.br
.IR PORT " := { " 1..2^16-1 " } "


.SH DESCRIPTION
The
.B ip macsec
commands are used to configure transmit secure associations and receive secure channels and their secure associations on a MACsec device created with the
.B ip link add
command using the
.I macsec
type.

.SH EXAMPLES
.PP
.SS Create a MACsec device on link eth0
.nf
# ip link add link eth0 macsec0 type macsec port 11 encrypt on
.PP
.SS Configure a secure association on that device
.nf
# ip macsec add macsec0 tx sa 0 pn 1024 on key 01 81818181818181818181818181818181
.PP
.SS Configure a receive channel
.nf
# ip macsec add macsec0 rx port 1234 address c6:19:52:8f:e6:a0
.PP
.SS Configure a receive association
.nf
# ip macsec add macsec0 rx port 1234 address c6:19:52:8f:e6:a0 sa 0 pn 1 on key 00 82828282828282828282828282828282
.PP
.SS Display MACsec configuration
.nf
# ip macsec show
.SH SEE ALSO
.br
.BR ip-link (8)
.SH AUTHOR
Sabrina Dubroca <sd@queasysnail.net>
Commit	Line	Data
b26fc590 SD	1	.TH IP\-MACSEC 8 "07 Mar 2016" "iproute" "Linux"
	2	.SH NAME
	3	ip-macsec \- MACsec device configuration
	4	.SH "SYNOPSIS"
	5	.BI "ip link add link " DEVICE " name " NAME " type macsec "
5898bd66 DC	6	[ [
	7	.BI address " <lladdr>"
	8	]
c0ab80a4 DC	9	.BI port " PORT"
c0ab80a4 DC	10	\|
5898bd66	11	.BI sci " <u64>"
89bb6e67 DC	12	] [
89bb6e67 DC	13	.BR cipher " { " default " \| " gcm-aes-128 " } ] ["
b26fc590	14	.BI icvlen " ICVLEN"
c0ab80a4	15	] [
b26fc590 SD	16	.BR encrypt " { " on " \| " off " } ] ["
	17	.BR send_sci " { " on " \| " off " } ] ["
	18	.BR end_station " { " on " \| " off " } ] ["
	19	.BR scb " { " on " \| " off " } ] ["
	20	.BR protect " { " on " \| " off " } ] ["
	21	.BR replay " { " on " \| " off " } ] ["
	22	.BI window " WINDOW"
	23	] [
c0ab80a4	24	.BR validate " { " strict " \| " check " \| " disabled " } ] ["
b26fc590 SD	25	.BI encodingsa " SA"
	26	]
	27
	28	.BI "ip macsec add " DEV " tx sa"
	29	.RI "{ " 0..3 " } [ " OPTS " ]"
	30	.BI key " ID KEY"
	31	.br
	32	.BI "ip macsec set " DEV " tx sa"
	33	.RI "{ " 0..3 " } [ " OPTS " ]"
	34	.br
	35	.BI "ip macsec del " DEV " tx sa"
	36	.RI "{ " 0..3 " }"
	37
	38	.BI "ip macsec add " DEV " rx " SCI
	39	.RB [ " on " \| " off " ]
	40	.br
	41	.BI "ip macsec set " DEV " rx " SCI
	42	.RB [ " on " \| " off " ]
	43	.br
	44	.BI "ip macsec del " DEV " rx " SCI
	45
	46	.BI "ip macsec add " DEV " rx " SCI " sa"
	47	.RI "{ " 0..3 " } [ " OPTS " ]"
	48	.BI key " ID KEY"
	49	.br
	50	.BI "ip macsec set " DEV " rx " SCI " sa"
	51	.RI "{ " 0..3 " } [ " OPTS " ]"
	52	.br
	53	.BI "ip macsec del " DEV " rx " SCI " sa"
	54	.RI "{ " 0..3 " }"
	55
	56	.B ip macsec show
	57	.RI [ " DEV " ]
	58
	59	.IR OPTS " := [ "
	60	.BR pn " { "
	61	.IR 1..2^32-1 " } ] ["
	62	.BR on " \| " off " ]"
	63	.br
	64	.IR SCI " := { "
	65	.B sci
	66	.IR <u64> " \| "
5898bd66 DC	67	.BI port
	68	.IR PORT
	69	.BI address " <lladdr> "
b26fc590	70	}
5898bd66 DC	71	.br
5898bd66 DC	72	.IR PORT " := { " 1..2^16-1 " } "
b26fc590 SD	73
	74
	75	.SH DESCRIPTION
	76	The
	77	.B ip macsec
	78	commands are used to configure transmit secure associations and receive secure channels and their secure associations on a MACsec device created with the
	79	.B ip link add
	80	command using the
	81	.I macsec
	82	type.
	83
	84	.SH EXAMPLES
	85	.PP
	86	.SS Create a MACsec device on link eth0
	87	.nf
c0ab80a4	88	# ip link add link eth0 macsec0 type macsec port 11 encrypt on
b26fc590 SD	89	.PP
	90	.SS Configure a secure association on that device
	91	.nf
	92	# ip macsec add macsec0 tx sa 0 pn 1024 on key 01 81818181818181818181818181818181
	93	.PP
	94	.SS Configure a receive channel
	95	.nf
	96	# ip macsec add macsec0 rx port 1234 address c6:19:52:8f:e6:a0
	97	.PP
	98	.SS Configure a receive association
	99	.nf
	100	# ip macsec add macsec0 rx port 1234 address c6:19:52:8f:e6:a0 sa 0 pn 1 on key 00 82828282828282828282828282828282
	101	.PP
	102	.SS Display MACsec configuration
	103	.nf
	104	# ip macsec show
	105	.SH SEE ALSO
	106	.br
	107	.BR ip-link (8)
	108	.SH AUTHOR
	109	Sabrina Dubroca <sd@queasysnail.net>