
Configure a new MACsec policy

List of MACsec policies.

Path Params
string
required
length ≤ 9999

Name of the MACsec policy.

Query Params
string

LOCAL - To create local objects. SHARED - To create shared objects. Default - Defaults to SHARED if not provided

string

Scope at which local object needs to be created. Mandatory if object-type = LOCAL. Should not be provided for object-type = SHARED.

string

Device function for which the local object needs to be created. Mandatory if object_type = LOCAL. Should not be provided for object_type = SHARED.

Body Params

policybody object

bypass-list
array of strings
length ≤ 2147483647
IEEE_BPDU: Bypass MACsec protection for IEEE BPDU frames. Packets with destination MAC as one of the IEEE BPDU MACs (01:80:c2:00:00:0*) will bypass the MACsec engine in both the Tx and Rx directions.

string
length ≤ 9999

Secure Connectivity Association Key (CAK) associated with this
policy.

cipher-suites
array of strings
length ≤ 2147483647
GCM_AES_128: Galois/Counter mode of operation with the AES-128 symmetric block cipher.
GCM_AES_128_XPN: Galois/Counter mode of operation with the AES-128 symmetric block cipher with extended packet numbering.
GCM_AES_256: Galois/Counter mode of operation with the AES-256 symmetric block cipher.
GCM_AES_256_XPN: Galois/Counter mode of operation with the AES-256 symmetric block cipher with extended packet numbering.

string
length ≤ 9999

Connectivity Association Key Name (CKN) associated with this
policy.

string
enum
Defaults to NONE

Ethernet data in a MACsec PDU that must precede the MACsec SecTAG
in clear text.

DOT1Q: Send the 802.1q tag in clear in a MACsec PDU. When configured, untagged traffic is not allowed on the MACsec channel.
NONE: The SecTAG directly follows the destination and source MAC address in a MACsec PDU.

boolean
Defaults to true

Enable confidentiality in the MACsec policy.

string
enum
Defaults to BYTE_0

Number of octets in an Ethernet frame that are unencrypted.
This is only applicable when confidentiality is enabled in the
policy.

BYTE_0: The entire Ethernet frame is sent encrypted.
BYTE_30: The data following the first 30 bytes of the Ethernet frame is sent encrypted.
BYTE_50: The data following the first 50 bytes of the Ethernet frame is sent encrypted.

boolean
Defaults to false

Enable data delay protection. Data delay protection allows
MKA participants to ensure that data frames protected by
MACsec that are delayed by more than 2 seconds are dropped.

boolean
Defaults to true

Enable inclusion of Secure Channel Identifier (SCI) tag
information in the Security TAG (SecTAG) field.

boolean
Defaults to true

Enable replay protection in the MACsec policy.

int64
0 to 4294967295
Defaults to 0

Replay protection window associated with this policy. When a
packet is received, it is processed only if the Packet Number
(PN) associated with this packet is within the replay window.
This is only applicable if the replay protection is enabled in
the policy.
For PVOS device, valid range: 0-1024.
For CX device, valid range: 0-4294967295.
For AP device, valid range: 0-4294967295.

string
enum
Defaults to MUST_SECURE

Forwarding behavior of the interface when
the MKA session is not established.

MUST_SECURE: Configure the interface to block traffic if MKA session is not established.
SHOULD_SECURE: Configure the interface to allow traffic if MKA session is not established.

string
length between 1 and 256

MACsec policy description.

string
length between 1 and 128

Name of the MACsec policy.
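
A pre-submission check of a policy body against the enum values, defaults and per-device replay-window ranges listed above. This is an added example, not code from the API vendor. Every key name except cipher-suites is an assumption (this page does not show them), and audit_macsec_policy is a hypothetical helper.

```python
# Added example. Key names other than "cipher-suites" are ASSUMED;
# enum values, defaults and ranges come from the field descriptions above.
REPLAY_WINDOW_MAX = {"PVOS": 1024, "CX": 4294967295, "AP": 4294967295}
CIPHERS = {"GCM_AES_128", "GCM_AES_128_XPN", "GCM_AES_256", "GCM_AES_256_XPN"}
OFFSETS = {"BYTE_0": 0, "BYTE_30": 30, "BYTE_50": 50}
DEFAULTS = {  # documented defaults, applied to fields the body omits
    "confidentiality": True,
    "confidentiality-offset": "BYTE_0",
    "replay-protection": True,
    "replay-window": 0,
    "secure-mode": "MUST_SECURE",
}


def audit_macsec_policy(body, device_type):
    """Return findings (list of str) for a policy body on a device type."""
    if device_type not in REPLAY_WINDOW_MAX:
        raise ValueError(f"unknown device type: {device_type!r}")
    p = {**DEFAULTS, **body}
    findings = []

    unknown = sorted(set(p.get("cipher-suites", [])) - CIPHERS)
    if unknown:
        findings.append(f"cipher-suites: unsupported value(s) {unknown}")

    if p["secure-mode"] == "SHOULD_SECURE":
        findings.append("secure-mode: traffic is allowed when the MKA "
                        "session is not established")

    offset = p["confidentiality-offset"]
    if not p["confidentiality"]:
        findings.append("confidentiality: disabled")
    elif offset not in OFFSETS:  # offset only applies with confidentiality on
        findings.append(f"confidentiality-offset: invalid value {offset!r}")
    elif OFFSETS[offset] > 0:
        findings.append(f"confidentiality-offset: first {OFFSETS[offset]} "
                        "bytes of each frame are sent unencrypted")

    window, limit = p["replay-window"], REPLAY_WINDOW_MAX[device_type]
    if not p["replay-protection"]:
        findings.append("replay-protection: disabled")
    elif not 0 <= window <= limit:  # window only applies with protection on
        findings.append(f"replay-window: {window} is outside 0-{limit} "
                        f"for {device_type}")
    return findings
```
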
