Provided by: iproute2_4.15.0-2ubuntu1.3_amd64 
NAME
ip-macsec - MACsec device configuration
SYNOPSIS
ip link add link DEVICE name NAME type macsec [ [ address <lladdr> ] port PORT | sci <u64> ] [ cipher {
default | gcm-aes-128 } ] [ icvlen ICVLEN ] [ encrypt { on | off } ] [ send_sci { on | off } ] [
end_station { on | off } ] [ scb { on | off } ] [ protect { on | off } ] [ replay { on | off } ] [ window
WINDOW ] [ validate { strict | check | disabled } ] [ encodingsa SA ]
ip macsec add DEV tx sa { 0..3 } [ OPTS ] key ID KEY
ip macsec set DEV tx sa { 0..3 } [ OPTS ]
ip macsec del DEV tx sa { 0..3 }
ip macsec add DEV rx SCI [ on | off ]
ip macsec set DEV rx SCI [ on | off ]
ip macsec del DEV rx SCI
ip macsec add DEV rx SCI sa { 0..3 } [ OPTS ] key ID KEY
ip macsec set DEV rx SCI sa { 0..3 } [ OPTS ]
ip macsec del DEV rx SCI sa { 0..3 }
ip macsec show [ DEV ]
OPTS := [ pn { 1..2^32-1 } ] [ on | off ]
SCI := { sci <u64> | port PORT address <lladdr> }
PORT := { 1..2^16-1 }
DESCRIPTION
The ip macsec commands are used to configure transmit secure associations and receive secure channels and
their secure associations on a MACsec device created with the ip link add command using the macsec type.
EXAMPLES
Create a MACsec device on link eth0
# ip link add link eth0 macsec0 type macsec port 11 encrypt on
Configure a secure association on that device
# ip macsec add macsec0 tx sa 0 pn 1024 on key 01 81818181818181818181818181818181
Configure a receive channel
# ip macsec add macsec0 rx port 1234 address c6:19:52:8f:e6:a0
Configure a receive association
# ip macsec add macsec0 rx port 1234 address c6:19:52:8f:e6:a0 sa 0 pn 1 on key 00 82828282828282828282828282828282
Display MACsec configuration
# ip macsec show
SEE ALSO
ip-link(8)
AUTHOR
Sabrina Dubroca <sd@queasysnail.net>