macSecTag
macSecTag - contains the MacSec header.
SYNOPSIS
macSecTag sub-command options
DESCRIPTION
The macSecTag command is used to contain the MacSec header. This is the per-stream configuration. Note that macSecTag needs to be configured before stream is set.
STANDARD OPTIONS
tciVersion
Allows the configuration of version. (default = 0)
enableTciVersionOverride
Allows the enabling of version override. (default = false)
enableForceByteCorruption
Allows the enabling of forced byte corruption. (default = false)
enableOverrideFlagRestriction
Allows the enabling of tag control information override. (default = false)
enableTciEndStation
Allows the enabling of tag control information end station override. (default = false)
If this parameter is set to true along with enableTciIncludeSci when enableOverrideFlagRestriction is not enabled, then it is an invalid configuration and the set command fails with the error message posted in the TclEvents.log. Only one can be enabled at a time, either enableTciEndStation or enableTciIncludeSci.
enableTciIncludeSci
Allows the enabling of tag control information include Sci. (default = false)
If this parameter is set to true along with enableTciEndStation when enableOverrideFlagRestriction is not enabled, then it is an invalid configuration and the set command fails with the error message posted in the TclEvents.log. Only one can be enabled at a time, either enableTciEndStation or enableTciIncludeSci.
enableTciSingleCopyBroadcast
Allows the enabling of tag control information single copy broadcast. This parameter cannot be enabled if enableTciIncludeSci is enabled. (default = false)
enableTciEncryption
Allows the enabling of tag control information encryption. (default = false)
enableTciChangedText
Allows the enabling of tag control information changed text. (default = false)
associationNumber
Allows the configuration of association number. (default = 0)
macAddress
Allows the configuration of MAC address when enableTciIncludeSci = true. (default = '00 00 00 00 00 00')
portIdentifier
Allows the configuration of the port identifier value when enableTciIncludeSci = true. (default = 0)
enableShortLengthOverride
Allows the enabling of short length override. (default = false)
shortLength
Allows the configuration of short length. (default = 0)
packetNumber
Allows the configuration of packet number. (default = '00 00 00 00')
COMMANDS
The macSecTag command is invoked with the following sub-commands. If no sub-command is specified, returns a list of all sub-commands available.
macSecTag setDefault
Sets to IxTclHal default values for all configuration options.
macSecTag set chasID cardID portID
Commits to IxHAL the macSecTag header for a particular portID.
macSecTag get chasID cardID portID
Retrieves from IxHAL the macSecTag header for a particular portID.
macSecTag decode capFrame chasID cardID portID
Decodes the MacSec Tag Frame and populates the TCLMacSecTag object if the feature is supported and decoding was successful.
EXAMPLES
package req IxTclHal
set hostname loopback
ixConnectToChassis $astro
set retCode "PASS"
if {[ixConnectToChassis $hostName] } {
errorMsg "Error connecting to $hostName"
set retCode "FAIL"
}
set chassId [chassis cget -id]
set portList [list]
for { set cardId 1 } {$cardId <= [chassis cget -maxCardCount]} {incr cardId} {
if {[card get $chassId $cardId] == $::TCL_OK} {
set portId 1
if {[port isValidFeature $chassId $cardId $portId $::portFeatureMACSec]} {
port setModeDefaults $chassId $cardId $portId
lappend portList [list $chassId $cardId $portId]
}
}
}
if {[llength $portList] == 0} {
errorMsg "No ports in port list that support MACSec"
set retCode "FAIL"
return $retCode
}
foreach port $portList {
scan $port "%d %d %d" chassId cardId portId
if {[ macSecTx select $chassId $cardId $portId $streamId]} {
errorMsg "Error setTx macSec: "
set retCode "FAIL"
break
}
if {[ macSecRx select $chassId $cardId $portId $streamId]} {
errorMsg "Error setTx macSec: "
set retCode "FAIL"
break
}
macSecChannel setDefault
macSecChannel config -enable true
macSecChannel config -key "aa de bb 11 42"
if {[macSecChannel setAssociation $::secureAN0]} {
errorMsg "Error setting macSecChannel on secureAN0"
set retCode "FAIL"
break
}
macSecChannel config -key "00 ig ll 00 20"
if {[macSecChannel setAssociation $::secureAN1]} {
errorMsg "Error setting macSecChannel on secureAN1"
set retCode "FAIL"
break
}
# Add the first secure channel
if {[ macSecTx addChannel} {
errorMsg "Error adding Tx macSec connectivity association "
set retCode "FAIL"
break
}
# Add the second secure channel
if {[ macSecRx addChannel} {
errorMsg "Error adding Rx macSec connectivity association "
set retCode "FAIL"
break
}
set macSecChannelId 1
if {[ macSecTx get $macSecChannelId} {
errorMsg "Error getting macSecTx: "
set retCode "FAIL"
break
}
ixPuts "Number of Tx secure channels:[macSecTx cget -numChannels]"
if {[ macSecRx getChannel $macSecChannelId} {
errorMsg "Error getting macSecRx: "
set retCode "FAIL"
break
}
ixPuts "Number of Rx secure channels:[macSecRx cget -numChannels]"
if {[ macSecTx getFirstChannel } {
errorMsg "Error adding macSec: "
set retCode "FAIL"
break
}
if {[macSecChannel getAssociation $::secureAN1]} {
errorMsg "Error setting macSecChannel on secureAN1"
set retCode "FAIL"
break
}
ixPuts "association number [macSecChannel cget -associationNumber]
ixPuts "association key [macSecChannel cget -associationKey]
if {[ macSecRx getNextChannel } {
errorMsg "Error adding macSec: "
set retCode "FAIL"
break
}
ixPuts "Number of Rx secure channels:[macSecRx cget -numChannels]"
}
ixWritePortsToHardware portList
ixCheckLinkState portList
stream setDefault
protocol setDefault
protocol config -enableMacSec $::true
foreach port $portList {
set streamed 1
stream setDefault
stream config -name "my MACSec stream"
if [stream set $chassId $cardId $portId $streamId] {
errorMsg "Error setting stream on port $chassId.$cardId.$portId $streamId"
set retCode "FAIL"
break
}
macSecTag setDefault
macSecTag config - enableOverrideFlagRestriction true
macSecTag config -enableTciEndStation true
macSecTag config -enableTciIncludeSci true
macSecTag config -macAddress "00 11 22 33 44 56"
macSecTag config -portIdentifier 42
macSecTag config -associationNumber secureAN1
if {[macSecTag set $chassId $cardId $portId $streamId] {
errorMsg "Error setting macSecTag header on $chassId.$cardId.$portId $streamId"
set retCode "FAIL"
break
}
}
ixWriteConfigToHardware portList