macSecTag

macSecTag - contains the MacSec header.

SYNOPSIS

macSecTag sub-command options

DESCRIPTION

The macSecTag command is used to contain the MacSec header. This is the per-stream configuration. Note that macSecTag needs to be configured before stream is set.

STANDARD OPTIONS
tciVersion

Allows the configuration of version. (default = 0)

enableTciVersionOverride

Allows the enabling of version override. (default = false)

enableForceByteCorruption

Allows the enabling of forced byte corruption. (default = false)

enableOverrideFlagRestriction

Allows the enabling of tag control information override. (default = false)

enableTciEndStation

Allows the enabling of tag control information end station override. (default = false)

If this parameter is set to true along with enableTciIncludeSci when enableOverrideFlagRestriction is not enabled, then it is an invalid configuration and the set command fails with the error message posted in the TclEvents.log. Only one can be enabled at a time, either enableTciEndStation or enableTciIncludeSci.

enableTciIncludeSci

Allows the enabling of tag control information include Sci. (default = false)

If this parameter is set to true along with enableTciEndStation when enableOverrideFlagRestriction is not enabled, then it is an invalid configuration and the set command fails with the error message posted in the TclEvents.log. Only one can be enabled at a time, either enableTciEndStation or enableTciIncludeSci.

enableTciSingleCopyBroadcast

Allows the enabling of tag control information single copy broadcast. This parameter cannot be enabled if enableTciIncludeSci is enabled. (default = false)

enableTciEncryption

Allows the enabling of tag control information encryption. (default = false)

enableTciChangedText

Allows the enabling of tag control information changed text. (default = false)

associationNumber

Allows the configuration of association number. (default = 0)

macAddress

Allows the configuration of MAC address when enableTciIncludeSci = true. (default = '00 00 00 00 00 00')

portIdentifier

Allows the configuration of the port identifier value when enableTciIncludeSci = true. (default = 0)

enableShortLengthOverride

Allows the enabling of short length override. (default = false)

shortLength

Allows the configuration of short length. (default = 0)

packetNumber

Allows the configuration of packet number. (default = '00 00 00 00')

COMMANDS

The macSecTag command is invoked with the following sub-commands. If no sub-command is specified, returns a list of all sub-commands available.

macSecTag setDefault

Sets to IxTclHal default values for all configuration options.

macSecTag set chasID cardID portID

Commits to IxHAL the macSecTag header for a particular portID.

macSecTag get chasID cardID portID

Retrieves from IxHAL the macSecTag header for a particular portID.

macSecTag decode capFrame chasID cardID portID

Decodes the MacSec Tag Frame and populates the TCLMacSecTag object if the feature is supported and decoding was successful.

EXAMPLES

package req IxTclHal

set hostname loopback

ixConnectToChassis $astro

set retCode "PASS"

 

if {[ixConnectToChassis $hostName] } {

errorMsg "Error connecting to $hostName"

set retCode "FAIL"

}

set chassId [chassis cget -id]

set portList [list]

 

for { set cardId 1 } {$cardId <= [chassis cget -maxCardCount]} {incr cardId} {

if {[card get $chassId $cardId] == $::TCL_OK} {

set portId 1

if {[port isValidFeature $chassId $cardId $portId $::portFeatureMACSec]} {

port setModeDefaults $chassId $cardId $portId

lappend portList [list $chassId $cardId $portId]

}

}

}

if {[llength $portList] == 0} {

errorMsg "No ports in port list that support MACSec"

set retCode "FAIL"

return $retCode

}

 

foreach port $portList {

scan $port "%d %d %d" chassId cardId portId

 

if {[ macSecTx select $chassId $cardId $portId $streamId]} {

errorMsg "Error setTx macSec: "

set retCode "FAIL"

break

}

if {[ macSecRx select $chassId $cardId $portId $streamId]} {

errorMsg "Error setTx macSec: "

set retCode "FAIL"

break

}

 

macSecChannel setDefault

macSecChannel config -enable true

macSecChannel config -key "aa de bb 11 42"

if {[macSecChannel setAssociation $::secureAN0]} {

errorMsg "Error setting macSecChannel on secureAN0"

set retCode "FAIL"

break

}

 

macSecChannel config -key "00 ig ll 00 20"

if {[macSecChannel setAssociation $::secureAN1]} {

errorMsg "Error setting macSecChannel on secureAN1"

set retCode "FAIL"

break

}

 

# Add the first secure channel

if {[ macSecTx addChannel} {

errorMsg "Error adding Tx macSec connectivity association "

set retCode "FAIL"

break

}

 

# Add the second secure channel

if {[ macSecRx addChannel} {

errorMsg "Error adding Rx macSec connectivity association "

set retCode "FAIL"

break

}

set macSecChannelId 1

if {[ macSecTx get $macSecChannelId} {

errorMsg "Error getting macSecTx: "

set retCode "FAIL"

break

}

 

ixPuts "Number of Tx secure channels:[macSecTx cget -numChannels]"

 

if {[ macSecRx getChannel $macSecChannelId} {

errorMsg "Error getting macSecRx: "

set retCode "FAIL"

break

}

 

ixPuts "Number of Rx secure channels:[macSecRx cget -numChannels]"

 

if {[ macSecTx getFirstChannel } {

errorMsg "Error adding macSec: "

set retCode "FAIL"

break

}

if {[macSecChannel getAssociation $::secureAN1]} {

errorMsg "Error setting macSecChannel on secureAN1"

set retCode "FAIL"

break

}

ixPuts "association number [macSecChannel cget -associationNumber]

ixPuts "association key [macSecChannel cget -associationKey]

 

if {[ macSecRx getNextChannel } {

errorMsg "Error adding macSec: "

set retCode "FAIL"

break

}

ixPuts "Number of Rx secure channels:[macSecRx cget -numChannels]"

}

 

ixWritePortsToHardware portList

ixCheckLinkState portList

 

stream setDefault

protocol setDefault

protocol config -enableMacSec $::true

 

foreach port $portList {

set streamed 1

stream setDefault

stream config -name "my MACSec stream"

if [stream set $chassId $cardId $portId $streamId] {

errorMsg "Error setting stream on port $chassId.$cardId.$portId $streamId"

set retCode "FAIL"

break

}

macSecTag setDefault

macSecTag config - enableOverrideFlagRestriction true

macSecTag config -enableTciEndStation true

macSecTag config -enableTciIncludeSci true

macSecTag config -macAddress "00 11 22 33 44 56"

macSecTag config -portIdentifier 42

macSecTag config -associationNumber secureAN1

if {[macSecTag set $chassId $cardId $portId $streamId] {

errorMsg "Error setting macSecTag header on $chassId.$cardId.$portId $streamId"

set retCode "FAIL"

break

}

 

}

 

ixWriteConfigToHardware portList

 

SEE ALSO

macSecChannel, macSecTx, macSecRx.