Enabling MACsec and configuring group parameters

Enable MACsec globally on the device, and configure the MACsec Key Agreement (MKA) group before configuring MACsec security features for the group.

A valid license must be installed on the device before MACsec can be configured.

  1. At the global configuration level, enter the dot1x-mka-enable command to enable MACsec on the device.
    
    device# configure terminal
    device(config)# dot1x-mka-enable 
    device(config-dot1x-mka)#
    

    MACsec is enabled, and the device is placed at the dot1x-mka configuration level.
    Note: When MKA is disabled, all the ports are brought to a down state. You must manually enable the ports again to bring the ports back up.
  2. Enter the mka-cfg-group command followed by a group name to create a group.
    
    device# configure terminal
    device(config)# dot1x-mka  
    device(config-dot1x-mka)# mka-cfg-group test1 
    device(config-dot1x-mka-group-test1)#

    The group is created, and the device is placed at the group configuration level.

At the group configuration level, set the key-server priority, and define MACsec security features to be applied to interfaces once they are assigned to the group.