sak-expiry-time
sak-expiry-time
To set an expiry time for a forced Secure Association Key (SAK) rekey, use the sak-expiry-time command.
To reset to the default expiry time, use the no form of this command.
sak-expiry-time time
no sak-expiry-time time
Syntax Description
time
Command Default
The default value is pn-exhaust.
Command Modes
MACsec policy configuration (config-macsec-policy)
Command History
Release
8.2(1)
Usage Guidelines
To use this command, you should enable the MKA feature first.
Examples
This example shows how to set the SAK expiry time:
switch# configure terminal
switch(config)# macsec policy p1
switch(config-macsec-policy)# sak-expiry-time 60
Related Commands
Command
cipher suite
conf-offset
feature mka
key
Cisco Nexus 7000 Series Security Command Reference
640
Time, in seconds, to force a SAK rekey. The range
is 1-2592000. The default is pn-exhaust.
Modification
This command was introduced.
Description
Configures the cipher suite for encrypting traffic with
MACsec.
Configures the confidentiality offset for MKA
encryption.
Enables the MKA feature.
Creates a key or enters the configuration mode of an
existing key.
S Commands