Cisco MACsec

配置方法，待续
基础配置
interface Vlan10
ip address 192.168.1.1 255.255.255.0

interface GigabitEthernet0/0
switchport trunk encapsulation dot1q
switchport mode trunk
negotiation auto
channel-group 10 mode active

interface Port-channel10
switchport trunk encapsulation dot1q
switchport mode trunk

MACsec配置
key chain KC macsec
key 1000
cryptographic-algorithm aes-128-cmac
key-string FC8F5B10557C192F03F60198413D7D45
exit

mka policy POLICY
key-server priority 0
macsec-cipher-suite gcm-aes-128
confidentiality-offset 0
exit

interface gigabitethernet 0/0
macsec network-link
mka policy POLICY
mka pre-shared-key key-chain KC
exit