Device Configuration Functions¶
emulation macsec config¶
Execute Tester Command ${rt_handle} command=test_control <additional key=value arguments>
- Purpose:
Spirent Extension (for Spirent HLTAPI only).
Used to configure, modify or delete emulated MACsec devices.
Synopsis:
Note: 1. M indicates the argument is `Mandatory`.
2. S indicates the argument is for `scaling` scenarios.
emulation macsec config
mode= {create|modify|delete} M
port_handle= <port_handle>
handle= < device_handle>
block_mode= {one_host_per_block|one_device_per_block|
one_network_per_block|
multiple_networks_per_block|
multiple_device_per_block} S]
expand= {true|false} S
count= <integer>
encapsulation= {ethernet_ii|ethernet_ii_vlan|ethernet_ii_qinq|ethernet_ii_mvlan}
enable_ping_response= {1|0}
enable_gw_learning= {true|false}
gateway_mac= <aa:bb:cc:dd:ee:ff>
resolve_gateway_mac= {true|false}
ipv6_gateway_mac= <aa:bb:cc:dd:ee:ff>
ipv6_resolve_gateway_mac= {true|false}
ip_version= {ipv4|ipv6|ipv46|none}
intf_ip_addr= <a.b.c.d>
intf_ip_addr_step= <a.b.c.d>
ip_stack_count= <0-65535>
ip_step_per_port= <a.b.c.d>
ip_step_per_vlan= <a.b.c.d>
stack_ip_repeat= <0-65535>
stack_ip_recycle_count= <0-65535>
gateway_ip_addr= <a.b.c.d>
gateway_ip_addr_step= <a.b.c.d>
use_ip_addr_range_gateway= {true|false}
stack_gateway_ip_repeat= <0-65535>
stack_gateway_ip_recycle_count= <0-65535>
use_ipv6_addr_range_gateway= {true|false}
stack_gateway_ipv6_repeat= <0-65535>
stack_gateway_ipv6_recycle_count= <0-65535>
gateway_ipv6_addr= <aaaa:bbbb:cccc:dddd:eeee:ffff:gggg:hhhh>
gateway_ipv6_addr_step= <aaaa:bbbb:cccc:dddd:eeee:ffff:gggg:hhhh>
intf_prefix_len= <1-32>
intf_ipv6_addr= <aaaa:bbbb:cccc:dddd:eeee:ffff:gggg:hhhh>
intf_ipv6_addr_step= <aaaa:bbbb:cccc:dddd:eeee:ffff:gggg:hhhh>
intf_ipv6_prefix_len= <1-128>
ipv6_step_per_port= <aaaa:bbbb:cccc:dddd:eeee:ffff:gggg:hhhh>
ipv6_step_per_vlan= <aaaa:bbbb:cccc:dddd:eeee:ffff:gggg:hhhh>
link_local_ipv6_addr= <aaaa:bbbb:cccc:dddd:eeee:ffff:gggg:hhhh>
link_local_ipv6_addr_step= <aaaa:bbbb:cccc:dddd:eeee:ffff:gggg:hhhh>
link_local_ipv6_prefix_len= <0-128>
link_local_ipv6_step_per_port= <aaaa:bbbb:cccc:dddd:eeee:ffff:gggg:hhhh>
link_local_ipv6_step_per_vlan= <aaaa:bbbb:cccc:dddd:eeee:ffff:gggg:hhhh>
ipv6_stack_count= <0-65535>
stack_ipv6_repeat= <0-65535>
stack_ipv6_recycle_count= <0-65535>
mac_addr= <aa:bb:cc:dd:ee:ff>
mac_addr_step= <aa:bb:cc:dd:ee:ff>
mac_addr_step_per_port= <aa:bb:cc:dd:ee:ff>
mac_addr_step_per_vlan= <aa:bb:cc:dd:ee:ff>
qinq_incr_mode= {inner|outer|both}
router_id= <a.b.c.d>
router_id_ipv6= <aaaa:bbbb:cccc:dddd:eeee:ffff:gggg:hhhh>
router_id_step= <a.b.c.d>
router_id_ipv6_step= <aaaa:bbbb:cccc:dddd:eeee:ffff:gggg:hhhh>
ipv6_router_id_src= {manual|use_ipv6_global_addr|use_ipv6_ll_add}
tos= <0-255>
tos_type= {tos|diffserv}
traffic_class= <0-255>
use_default_phy_mac= {true|false}
vlan_id= <0-4095>
vlan_id_count= <1-4096>
vlan_id_step= <0-4095>
vlan_id_repeat_count= <0-4294967295>
vlan_id_stack_count= <NUMERIC>
vlan_id_repeatmode= <REPEAT_ACROSS_PORT | NO_REPEAT | REPEAT_ACROSS_LOWER_IF>
vlan_user_pri= <0-7>
vlan_outer_id= <0-4095>
vlan_outer_id_count= <1-4096>
vlan_outer_id_step= <0-4095>
vlan_outer_id_repeat_count= <0-4294967295>
vlan_outer_id_repeatmode= <REPEAT_ACROSS_PORT | NO_REPEAT | REPEAT_ACROSS_LOWER_IF>
vlan_outer_user_pri= <0-7>
vlan_tpid= <0-65535>
vlan_cfi= <0-1>
vlan_outer_tpid= <0-65535>
vlan_outer_cfi= <0-1>
vlan_id_list= <0-4095>
vlan_id_step_list= <0-4095>
vlan_id_count_list= <0-4095>
vlan_user_pri_list= <0-7>
vlan_id_repeat_count_list= <0-4294967295>
vlan_tpid_list= <0-65535>
vlan_cfi_list= <0-65535>
name= <string>
block_name_index= <0-4294967295>
count_per_block= <integer>
count_block_per_port= <integer>
enable_rfc4814_addresses= {true|false}
random_seed_value= <numeric>
macsec_mode= {static_sak|static_cak}
vlan_tags= <NUMERIC>
cipher_suite= {gcmaes128|gcmaes256}
enable_xpn= {true|false}
enable_sci= {true|false}
port_id= <NUMERIC>
port_id_step= <NUMERIC>
association_number= <NUMERIC>
association_number_step= <NUMERIC>
peer_association_number= <NUMERIC>
peer_association_number_step= <NUMERIC>
peer_mac= <aa:bb:cc:dd:ee:ff>
peer_mac_step= <aa:bb:cc:dd:ee:ff>
start_pkt_num= <NUMERIC>
encryption_offset= {none|vlan|ipv4|ipv6|all}
replay_protection_window= <NUMERIC>
session_key= <HEX>
session_key_step= <HEX>
static_cak_name= <HEX>
static_cak_name_step= <HEX>
static_cak_value= <HEX>
static_cak_value_step= <HEX>
Arguments:
port_handle
Specifies the port on which to create the emulated MACsec device.
This handle is returned by the ``connect`` function.
It is `Mandatory` for mode create.
handle
Specifies the MACsec device handle. This argument is `Mandatory` for
mode modify and delete. For mode delete, you can also specify
the value all, to delete all devices.
Note: handle all is only valid for -mode delete.
mode
Specifies the action to perform on the test port. This argument is
`Mandatory`. Possible values are::
create - Creates the MACsec device on the specified port. You must
specify port_handle.
modify - Modifies the configured MACsec device identified by handle.
delete - Deletes the emulated MACsec device identified by handle.
block_mode
`Spirent Extension (for Spirent HLTAPI only).`
Specifies the device block mode. Emulated device objects may be
used to represent a single device or a block of many devices for
higher scalability. Emulated device blocks are not supported by
all protocols (for example, routing protocols) and have less
granularity of control at the protocol level and in traffic
configuration. Possible values are described below::
one_device_per_block One emulated device block is created
for each device
one_network_per_block One emulated device block is created
for each network
multiple_networks_per_block One emulated device block may represent
multiple networks. Note that there
are limitations to what can be
represented as a single emulated
device block using this mode .
multiple_device_per_block Multiple devices per block
This argument is available for mode create.
expand
`Spirent Extension (for Spirent HLTAPI only).`
Determines whether to expand the specified device parameters into
emulated device objects during `scaling` test scenarios.
This argument is used in `scaling` test scenarios, and available
for mode create, and working together with -block_mode.
Possible values are true and false.
If it is set to true, a list of emulated devices will be created
and their handles returned.
If it is set to false, param_handle will be returned, which can
be passed to protocol configuration APIs, for example::
mode activate in emulation isis config.
count
Specifies the number of emulated devices to be created. The
default value is 1.
router_id
Specifies the router ID of the emulated device. The value
must be in IPv4 format.
router_id_ipv6
Specifies the IPv6 router ID of the emulated device. The value
must be in IPv6 format.
enable_ping_response
Enables or disables the emulated device to respond to ping.
Possible values are 0 (disable) and 1 (enable). The default is 0.
enable_gw_learning
`Spirent Extension (for Spirent HLTAPI only).`
Enables or disables IPv6 learning for the gateway IP and MAC
addresses. Possible values are true (enable) and false (disable).
The default value is false.
gateway_mac
Specifies the IPv4 gateway's MAC address for the emulated device.
The default value is 00:00:01:00:00:01.
resolve_gateway_mac
Determines whether to resolve the IPv4 gateway's MAC address.
Possible values are true and false. The default value is true.
ipv6_gateway_mac
Specifies the IPv6 gateway's MAC address for the emulated device.
The default value is 00:00:01:00:00:01.
ipv6_resolve_gateway_mac
Determines whether to resolve the IPv6 gateway's MAC address.
Possible values are true and false. The default value is true.
ip_version
Defines the IP version of the emulated device. Possible values
are ipv4, ipv6, ipv46, and none. The default value is ipv4.
intf_ip_addr
Specifies the IPv4 address of the emulated device. The default
value is 192.85.1.3.
intf_ip_addr_step
Specifies the difference between IPv4 interface addresses of
consecutive devices when multiple emulated devices are created.
The value must be in IPv4 format. The default is 0.0.0.1.
ip_stack_count
`Spirent Extension (for Spirent HLTAPI only).`
Specifies the number of IPv4 objects to be created. Possible
values range from 0 to 65535. The default value is 1.
ip_step_per_port
`Spirent Extension (for Spirent HLTAPI only).`
Specifies the step value by which to increment IPv4 addresses for
the device block per port
Dependency: block_mode or -expand
Values: IPv4
ip_step_per_vlan
`Spirent Extension (for Spirent HLTAPI only).`
Specifies the step value by which to increment IPv4 addresses for
the device block per VLAN
Dependency: block_mode or -expand
Values: IPv4
stack_ip_repeat
`Spirent Extension (for Spirent HLTAPI only).`
Specifies how many times to repeat the same IPv4 address before
incrementing it. Possible values range from 0 to 65535. The
default value is 0.
stack_ip_recycle_count
`Spirent Extension (for Spirent HLTAPI only).`
Specifies how many times to increment the IPv4 address before
returning to the starting value. Possible values range from 0 to
65535. The default value is 0.
gateway_ip_addr
Specifies the IPv4 gateway address for the emulated device.
gateway_ip_addr_step
Specifies the difference between IPv4 gateway addresses of
consecutive devices when multiple emulated devices are created.
The default value is 0.0.0.1.
use_ip_addr_range_gateway
Specifies the same settings for gateway as the IP address range parameters
Possible values are true and false.
The default value is false.
stack_gateway_ip_repeat
`Spirent Extension (for Spirent HLTAPI only).`
Specifies how many times to repeat the same IPv4 gateway address before
incrementing it. Possible values range from 0 to 65535. The
default value is 0.
stack_gateway_ip_recycle_count
`Spirent Extension (for Spirent HLTAPI only).`
Specifies how many times to increment the IPv4 gateway address before
returning to the starting value. Possible values range from 0 to
65535. The default value is 0.
use_ipv6_addr_range_gateway
Specifies whether to use IP address range settings for the gateway.
Possible values are true and false.
The default value is false.
stack_gateway_ipv6_repeat
Specifies the gateway repeat count for the emulated device.
Possible values range from 0 to 65535. The default value is 0.
stack_gateway_ipv6_recycle_count
Specifies the gateway recycle count for the emulated device.
Possible values range from 0 to 65535. The default value is 0.
intf_prefix_len
Specifies the prefix length for the IPv6 address of the emulated
device. Possible values range from 1 to 32. The default is 24.
intf_ipv6_addr
Specifies the IPv6 address of the emulated device.
intf_ipv6_addr_step
Specifies the difference between interface IPv6 addresses of
consecutive devices when multiple emulated devices are created.
intf_ipv6_prefix_len
Specifies the prefix length for the IPv6 address of the emulated
device. Possible values range from 0 to 128. The default is 64.
ipv6_step_per_port
`Spirent Extension (for Spirent HLTAPI only).`
Specifies the step value by which to increment IPv6 addresses for
the device block per port
Dependency: block_mode or -expand
Values: IPv6
ipv6_step_per_vlan
`Spirent Extension (for Spirent HLTAPI only).`
Specifies the step value by which to increment IPv6 addresses for
the device block per VLAN
Dependency: block_mode or -expand
Values: IPv6
gateway_ipv6_addr
Specifies the IPv6 gateway address for the emulated device.
gateway_ipv6_addr_step
Specifies the difference between IPv6 gateway addresses of
consecutive devices when multiple emulated devices are created.
link_local_ipv6_addr
Specifies the starting link local IPv6 address for emulated
devices. The value must be in IPv6 format. The default is
FE80::0.
link_local_ipv6_addr_step
Specifies the difference between link local IPv6 addresses of
consecutive devices when multiple emulated devices are created.
The value must be in IPv6 format. The default is ::1.
link_local_ipv6_prefix_len
Specifies the prefix length for the link local IPv6 address of
the emulated device. Possible values range from 0 to 128. The
default is 64.
link_local_ipv6_step_per_port
`Spirent Extension (for Spirent HLTAPI only).`
Specifies the step value by which to increment link local IPv6
addresses for the device block per port
Dependency: block_mode or -expand
Values: IPv6
link_local_ipv6_step_per_vlan
`Spirent Extension (for Spirent HLTAPI only).`
Specifies the step value by which to increment link local IPv6
addresses for the device block per VLAN
Dependency: block_mode or -expand
Values: IPv6
ipv6_stack_count
`Spirent Extension (for Spirent HLTAPI only).`
Specifies the number of IPv6 objects to be created. Possible
values range from 0 to 65535. The default value is 1.
stack_ipv6_repeat
`Spirent Extension (for Spirent HLTAPI only).`
Specifies how many times to repeat the same IPv6 address before
incrementing it. Possible values range from 0 to 65535. The
default value is 0.
stack_ipv6_recycle_count
`Spirent Extension (for Spirent HLTAPI only).`
Specifies how many times to increment the IPv6 address before
returning to the starting value. Possible values range from 0 to
65535. The default value is 0.
mac_addr
Specifies the MAC address of the emulated device.
mac_addr_step
Specifies the difference between MAC addresses of consecutive
devices when multiple emulated devices are created.
mac_addr_step_per_port
`Spirent Extension (for Spirent HLTAPI only).`
Specifies the step value by which to increment source MAC
addresses for the device block per port
Dependency: block_mode or -expand
Values: MAC
mac_addr_step_per_vlan
`Spirent Extension (for Spirent HLTAPI only).`
Specifies the step value by which to increment source MAC
addresses for the device block per VLAN
Dependency: block_mode or -expand
Values: MAC
Example::
emulation macsec config
mode create
block_mode ONE_NETWORK_PER_BLOCK
ip_version ipv4
encapsulation ethernet_ii_vlan
port_handle $port1 $port2
vlan_user_pri 7
vlan_id 10
vlan_id_count 2
vlan_id_step 1
vlan_id_repeatmode REPEAT_ACROSS_LOWER_IF
vlan_outer_id 20
vlan_outer_id_step 2
vlan_outer_id_count 2
vlan_outer_id_repeatmode NO_REPEAT
count 1
expand true
mac_addr 00:10:94:00:00:02
mac_addr_step 00:00:00:00:00:01
intf_ip_addr 192.85.1.4
intf_prefix_len 24
gateway_ip_addr 192.85.1.1
gateway_ip_addr_step 0.0.0.0
intf_ip_addr_step 0.0.0.1
mac_addr_step_per_vlan {00:00:00:00:01:01 00:00:00:00:01:00}
mac_addr_step_per_port 00:00:00:01:00:00
ip_step_per_port 0.1.0.0
ip_step_per_vlan {0.0.1.1 0.0.1.0}
macsec_mode "static_cak"
cipher_suite gcmaes256
enable_xpn false
enable_sci true
port_id 1
port_id_step 1
association_number 0
association_number_step 1
peer_association_number 0
peer_association_number_step 1
encryption_offset none
replay_protection_window 0
session_key 255
session_key_step 1
static_cak_name "16 1"
static_cak_name_step "0 1"
static_cak_value "255 238 221 204 187 170 153
136 119 102 85 68 51 34 17 0 0 17 34
51 68 85 102 119 136 153 170 187 204 221 238 255"
static_cak_value_step "0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1
0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0"
In argument "mac_addr_step_per_vlan", the first MAC address "00:00:00:00:01:01"
increments the outer VLAN and the second MAC address increments the inner VLAN.
mac_addr_step_per_vlan {00:00:00:00:01:01 00:00:00:00:01:00}
Similarly, in ip_step_per_vlan, the first IP address increments the outer VLAN
IP and the second address increments the inner VLAN IP.
qinq_incr_mode
Determines which VLAN ID to increment first. Possible values are::
inner - Increments the inner VLAN ID before the outer VLAN ID
outer - Increments the outer VLAN ID before the inner VLAN ID
both - Increment both the inner and outer VLAN ID at the same time
The default value is inner.
encapsulation
Specifies the type of Layer 2 encapsulation for the emulated
device. Possible values are::
ethernet_ii - Ethernet II
ethernet_ii_vlan - Ethernet II with a single VLAN tag
ethernet_ii_qinq - Ethernet II with two VLAN tags
ethernet_ii_mvlan - Ethernet II with more than two VLAN tags
(Specifies VLAN from the 3rd tag on. The
first two tags are specified with vlan_id,
vlan_outer_id, and their related arguments.)
The default value is ethernet_ii.
router_id_step
`Spirent Extension (for Spirent HLTAPI only).`
Specifies the difference between consecutive router IDs when
multiple routers are created. The value must be in IPv4 format.
The default value is 0.0.0.1.
router_id_ipv6_step
`Spirent Extension (for Spirent HLTAPI only).`
Specifies the difference between consecutive IPv6 router IDs when
multiple routers are created. The value must be in IPv6 format.
The default value is 0000::1.
ipv6_router_id_src
`Spirent Extension (for Spirent HLTAPI only).`
Specifies the ipv6 router ID source.
Dependency: block_mode or -expand
Possible values are::
manual - Set source manually
use_ipv6_global_addr - Use IPv6 global address as source
use_ipv6_ll_add - Use IPv6 link local address as source
The default value is manual.
tos
`Spirent Extension (for Spirent HLTAPI only).`
Specifies the ToS value of the IPv4 header. Possible values range
from 0 to 255. The default value is 192.
tos_type
`Spirent Extension (for Spirent HLTAPI only).`
Specifies the ToS type of the IPv4 header. Possible values are
tos and diffserv. The default value is tos.
traffic_class
`Spirent Extension (for Spirent HLTAPI only).`
Specifies the traffic class of the IPv6 header. Possible values
range from 0 to 255. The default value is 0.
use_default_phy_mac
`Spirent Extension (for Spirent HLTAPI only).`
Determines whether to use the source MAC address from the
physical interface. Possible values are true and false.
The default value is false.
vlan_id
Specifies the starting VLAN ID for the ethernet_ii_vlan
encapsulation or the ethernet_ii_qinq encapsulation. Possible
values range from 0 to 4095. The default value is 100. This
argument is available when encapsulation is set to
ethernet_ii_qinq or ethernet_ii_vlan.
vlan_id_count
Specifies the number of VLAN IDs to create. Possible values range
from 1 to 4096. The default value is 1.
vlan_id_step
Specifies the step size by which the VLAN ID is incremented.
Possible values range from 0 to 4095. The default value is 1.
vlan_id_repeat_count
`Spirent Extension (for Spirent HLTAPI only).`
Number of times to repeat the same VLAN ID before
incrementing it for the inner VLAN. The value must be an integer.
The default value is 0.
vlan_id_stack_count
Number of interfaces in this interface object.
The value must be an integer. The default value is 1.
vlan_id_repeatmode
`Spirent Extension (for Spirent HLTAPI only).`
Specifies the repeat mode for the inner VLAN.
The default value is REPEAT_ACROSS_PORT.
NO_REPEAT VLAN IDs are not repeated.
REPEAT_ACROSS_PORT VLAN IDs are repeated from the starting VLAN ID on all ports.
REPEAT_ACROSS_LOWER_IF VLAN IDs are repeated from the starting VLAN ID
when the next lowerlevel interface (or port) changes.
vlan_user_pri
Specifies the VLAN user priority assigned to the emulated MACsec device.
Possible values range from 0 to 7. The default value is 0.
vlan_outer_id
Specifies the starting outer VLAN ID for the QinQ encapsulation.
Possible values range from 0 to 4095. The default value is 100.
This argument is available when encapsulation is set to
ethernet_ii_qinq.
vlan_outer_id_count
Specifies the number of outer VLAN IDs assigned to the emulated
MACsec device.
Possible values range from 1 to 4096. The default is 1.
vlan_outer_id_step
Specifies the step size by which the outer VLAN ID is
incremented. Possible values range from 0 to 4095. The default
value is 1.
vlan_outer_id_repeat_count
`Spirent Extension (for Spirent HLTAPI only).`
Number of times to repeat the same VLAN ID before
incrementing it for the outer VLAN. The value must be an integer.
The default value is 0.
vlan_outer_id_repeatmode
`Spirent Extension (for Spirent HLTAPI only).`
Specifies the repeat mode for the outer VLAN.
The default value is REPEAT_ACROSS_PORT.
NO_REPEAT VLAN IDs are not repeated.
REPEAT_ACROSS_PORT VLAN IDs are repeated from the starting VLAN ID on all ports.
REPEAT_ACROSS_LOWER_IF VLAN IDs are repeated from the starting VLAN ID
when the next lowerlevel interface (or port) changes.
vlan_outer_user_pri
Specifies the VLAN priority to assign to the outer VLAN header.
Possible values range from 0 to 7. The default value is 0.
vlan_tpid
`Spirent Extension (for Spirent HLTAPI only).`
Specifies the Ethernet type of VLAN for the device interface.
Possible values range from 0 to 65535. The default value is
33024.
vlan_outer_tpid
`Spirent Extension (for Spirent HLTAPI only).`
Specifies the Ethernet type of outer VLAN for the device
interface. Possible values range from 0 to 65535. The default
value is 33024.
vlan_cfi
Specifies the canonical format indicator (CFI) field in VLAN
for the emulated device. Possible values are 0 (Ethernet)
and 1 (Token Ring). The default is 1.
vlan_outer_cfi
Specifies the CFI field in the outer VLAN for the emulated
device. Possible values are 0 (Ethernet) and 1 (Token Ring). The
default is 1.
vlan_id_list
`Spirent Extension (for Spirent HLTAPI only).`
Specifies a list of VLAN IDs for the ethernet_ii_mvlan
encapsulation. Possible values range from 0 to 4095. The default
value is 100.
vlan_id_step_list
`Spirent Extension (for Spirent HLTAPI only).`
Specifies a list of VLAN step values for the ethernet_ii_mvlan
encapsulation. Possible values range from 0 to 4095. The default
value is 1.
vlan_id_count_list
`Spirent Extension (for Spirent HLTAPI only).`
Specifies a list of numbers of VLAN IDs for the ethernet_ii_mvlan
encapsulation. Possible values range from 0 to 4095. The default
value is 100.
vlan_tpid_list
`Spirent Extension (for Spirent HLTAPI only).`
Specifies a list of VLAN TPIDs for ethernet_ii_mvlan
encapsulation. Possible values range from 0 to 65535. The default
value is 33024.
vlan_user_pri_list
`Spirent Extension (for Spirent HLTAPI only).`
Specifies a list of VLAN priorities for the ethernet_ii_mvlan
encapsulation. Possible values range from 0 to 7. The default
value is 0.
vlan_id_repeat_count_list
`Spirent Extension (for Spirent HLTAPI only).`
Specifies a list of numbers of times to repeat the corresponding
VLAN IDs before incrementing them. The value must be an integer.
The default value is 0. This argument is available when
encapsulation is set to ethernet_ii_mvlan.
vlan_cfi_list
`Spirent Extension (for Spirent HLTAPI only).`
Specifies a list of CFI values for ethernet_ii_mvlan
encapsulation. Possible values are 0 (Ethernet) and 1 (Token
Ring). The default value is 1.
name
A text name for the emulated MACsec device. If block_mode is specified,
block_name_index will be appended to the name of the emulated MACsec
device.
block_name_index
Specifies the start value of the index for the MACsec device name.
Dependency: block_mode
count_block_per_port
Specifies the block count per port.
Dependency: expand and -block_mode
count_per_block
Specifies the MACsec device count per block.
Dependency: expand and -block_mode
enable_rfc4814_addresses
Specifies to enable or disable the generation of MAC addresses
according to RFC 4814.
Possible values are true and false. The default value is false.
Dependency: expand and -block_mode
random_seed_value
Specifies the seed value for the random number generator used
in generating RFC 4814 MAC addresses.
The default value is true.
Dependency: expand, -block_mode and enable_rfc4814_addresses
macsec_mode
Specifies the MACsec device mode.
Possible values are::
static_sak secure association key
static_cak connectivity association key
The default value is static_sak.
cipher_suite
Specifies to select the suite to use.
Possible values are gcmaes128 and gcmaes256.
The default value is gcmaes128.
enable_xpn
Specifies to enable or disable the extended packet number.
Possible values are true (enable) and false (disable).
The default value is false.
enable_sci
Specifies to include or exclude the SCI (Secure Channel Identifier)
in the MACsec Tag.
Possible values are true (include) and false (exclude).
The default value is false.
port_id
Specifies the value of the first port ID.
Available when enable SCI is selected.
The default value is 1.
port_id_step
Specifies to increment the value of the port ID.
Available when enable SCI is selected.
The default value is 1.
association_number
Specifies the value of the first association number.
Available when enable SCI is selected.
The default value is 0.
association_number_step
Specifies to increment the value of the association number.
Available when enable SCI is selected.
The default value is 1.
peer_association_number
Specifies the value of the first peer association number.
Available when enable SCI is selected.
The default value is 0.
peer_association_number_step
Specifies to increment the value of the peer association number.
Available when enable SCI is selected.
The default value is 1.
peer_mac
Specifies the peer MAC address.
Available when enable SCI is selected.
The default value is 00:10:94:00:00:01.
peer_mac_step
Specifies the peer MAC address step.
Available when enable SCI is selected.
The default value is 00:00:00:00:00:01.
encryption_offset
Specifies the encryption offset option.
Possible values are none, vlan, ipv4, ipv6 and all.
The default value is none.
vlan_tags
Specifies the number of VLAN headers.
Dependency: encryption_offset vlan
The default value is 1.
replay_protection_window
Specifies the length of the replay protection window.
Possible values are 0-65535.
The default value is 0.
session_key
Specifies the value of the first session key.
Possible values are 32 or 64 bit hexadecimal value.
session_key_step
Specifies the step value of the session key.
Possible values are 32 or 64 bit hexadecimal value.
static_cak_name
Specifies the value of the first static cak name.
Dependency: macsec_mode static_cak
Possible values are 32 or 64bit hexadecimal value.
If cipher_suite is gcmaes128 then the value
should be 32bit hex.
If cipher_suite is gcmaes256 then the value
should be 64bit hex.
static_cak_name_step
Specifies the step value of the static cak name.
Dependency: macsec_mode static_cak
Possible values are 32 or 64bit hexadecimal value.
If cipher_suite is gcmaes128 then the value
should be 32bit hex.
If cipher_suite is gcmaes256 then the value
should be 64bit hex.
static_cak_value
Specifies the value of the first static cak value.
Dependency: macsec_mode static_cak
Possible values are 32 or 64bit hexadecimal value.
If cipher_suite is gcmaes128 then the value
should be 32bit hex.
If cipher_suite is gcmaes256 then the value
should be 64bit hex.
static_cak_value_step
Specifies the step value of the static cak value.
Dependency: macsec_mode static_cak
Possible values are 32 or 64bit hexadecimal value.
If cipher_suite is gcmaes128 then the value
should be 32bit hex.
If cipher_suite is gcmaes256 then the value
should be 64bit hex.
- Return Values:
Depending on the specific language that HLTAPI uses, the function returns a keyed list/dictionary/hash (See Introduction for more information on return value formats) using the following keys (with corresponding data):
status $SUCCESS (1) or $FAILURE (0) log Error message if command returns {status 0} handle The host handle handle_list The host handle or the emulated device handles list when expand is set true.
- Description:
The
emulation macsec config
function creates, modifies and deletes one or more emulated MACsec hosts on the specified port. Use the mode argument to specify the action to perform. (See the mode argument description for information about the actions.)When you create an emulated MACsec host, use the port_handle argument to specify the Spirent HLTAPI port that the emulated MACsec device will use. (The port handle value is contained in the keyed list returned by the connect function.) The create mode returns the handle of the host.
Use this function when you want to create a device without configuring a protocol. You can enable a protocol on the created device if you need it later. You can also use the created device as the source or destination handle when you create a bound stream.
- Examples:
The following example creates an emulated MACsec device:
set devcie_ret1 [::emulation macsec config mode= create ip_version= ipv4 encapsulation= ethernet_ii port_handle= port1 count= 1 enable_ping_response= 0 router_id= 192.0.0.1 mac_addr= 00:10:94:00:00:01 mac_addr_step= 00:00:00:00:00:01 resolve_gateway_mac= true gateway_ip_addr_step= 0.0.0.0 intf_ip_addr= 1.1.1.2 intf_prefix_len= 24 gateway_ip_addr= 1.1.1.1 intf_ip_addr_step= 0.0.0.1 name= MACSEC_Client1 macsec_mode= "static_cak" cipher_suite= gcmaes256 enable_xpn= false enable_sci= true port_id= 1 port_id_step= 1 association_number= 0 association_number_step= 1 peer_association_number= 0 peer_association_number_step= 1 encryption_offset= none replay_protection_window= 0 session_key= 255 session_key_step= 1 static_cak_name= "16 1" static_cak_name_step= "0 1" static_cak_value= "255 238 221 204 187 170 153 136 119 102 85 68 51 34 17 0 0 17 34 51 68 85 102 119 136 153 170 187 204 221 238 255" static_cak_value_step= "0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0"
]
Sample Output:
{handle host1} {handle_list host1} {macsec_handle macsecsupplicantblockconfig1} {macsec_handle_list macsecsupplicantblockconfig1} {status 1}The following example deletes all MACsec devices:
set returnedString [emulation macsec config mode= delete handle= all]
End of Procedure Header
emulation macsec control¶
Execute Tester Command ${rt_handle} command=test_control <additional key=value arguments>
- Purpose:
- Starts, stops MACsec tests for the specified port.
Synopsis:
Note: M indicates the argument is `Mandatory`.
emulation macsec control
port_handle= <port_handle or port_handle list> M
handle= <macsec device or macsec device list>
action= {start|stop} M
Arguments:
port_handle
Specifies a list of ports on which to to perform the actions.
You must specify either handle or -port_handle, but
not both.
handle
Specifies a list of PTP devices on which to perform the
action. You must specify either handle or -port_handle, but not
both.
action
Specifies the action to be taken on the specified port handle.
This argument is `Mandatory`. Possible values are:
start
Start MACsec authentication requests for supplicant(s).
stop
Abort pending MACsec authentication requests for supplicant(s).
- Return Values:
Depending on the specific language that HLTAPI uses, the function returns a keyed list/dictionary/hash (See Introduction for more information on return value formats) using the following keys (with corresponding data):
status Success (1) or failure (0) of the operation. log An error message (if the operation failed).
- Description:
- The
emulation macsec control
function controls the MACsec traffic through the specified ports. You can use the function to perform start/abort MACsec authentication.
Examples:
To start the MACsec authentication on the specified ports:
emulation macsec control port_handle="port1 port2" action= startSample Output:
{status 1}
emulation macsec stats¶
Execute Tester Command ${rt_handle} command=test_control <additional key=value arguments>
- Purpose:
- Returns MACsec test results from Spirent TestCenter IQ.
Synopsis:
Note: M indicates the argument is `Mandatory`.
emulation macsec stats
port_handle= <port_handle or port_handle list> M
result_type= {macsec_supplicant_block_stats} M
clear_db= {0|1}
Arguments:
port_handle
Specifies a list of ports on which MACsec test will
start and stop the authentication requests. It is
`Mandatory` that you specify port_handle.
result_type
Specifies the type of MACsec results. This
argument is `Mandatory`. Possible values are::
macsec_supplicant_block_stats
Returns MACsec supplicant block statistics
from Spirent TestCenter IQ.
clear_db
Specifies to stop and delete the Spirent TestCenter IQ database
at the end of the test.
Possible values are 0 and 1.
If the value is set to 1, test will stop and delete the database.
If the value is set to 0, test will not stop and delete the database.
Default is 1.
- Return Values:
Depending on the specific language that HLTAPI uses, the function returns a keyed list/dictionary/hash (See Introduction for more information on return value formats) using the following keys (with corresponding data):
status Retrieves a value indicating the success (1) or failure (0) of the operation. log Retrieves a message describing the last error that occurred during the operation. If the operation was successful - {status 1} - the log value is null.
The following keys are returned when you specify result_type macsec_supplicant_block_stats:
<port_handle>.<rownumber>.emulated_device_name <port_handle>.<rownumber>.auth_state <port_handle>.<rownumber>.auth_supplicant_count <port_handle>.<rownumber>.mk_pdu_tx <port_handle>.<rownumber>.mk_pdu_rx <port_handle>.<rownumber>.mk_pdu_malformed_rx <port_handle>.<rownumber>.live_peer_count <port_handle>.<rownumber>.icv_mismatch <port_handle>.<rownumber>.non_macsec_packet_rx <port_handle>.<rownumber>.valid_packet_rx <port_handle>.<rownumber>.bad_packet_rx <port_handle>.<rownumber>.encrypted_packet_tx <port_handle>.<rownumber>.encrypted_bytes_tx <port_handle>.<rownumber>.decrypted_bytes_rx
- Description:
The
emulation macsec stats
function provides information about ports specified for the MACsec configuration. JSON package is required to use emulation_macsec_stats function as it internally returns values in JSON format.This function returns the requested data and a status value (1 for success). If there is an error, the function returns the status value (0) and an error message. Function return values are converted from JSON format to a keyed list (supported by the Tcl extension software - TclX). Use the TclX function keylget to retrieve data from the keyed list.
Examples:
To retrieve MACsec supplicant block statistics from the specified port:
emulation macsec stats port_handle= port1 result_type= macsec_supplicant_block_statsSample Output:
{port1 {{macsec_supplicant_block_stats {{0 {{emulated_device_name Host 1} {auth_state AUTHENTICATING} {auth_supplicant_count 0} {mk_pdu_tx 0} {mk_pdu_rx 0} {mk_pdu_malformed_rx 0} {live_peer_count 0} {icv_mismatch 0} {non_macsec_packet_rx 0} {valid_packet_rx 0} {bad_packet_rx 0} {encrypted_packet_tx 0} {encrypted_bytes_tx 0} {decrypted_bytes_rx 0}}}}}}} {status 1}End of Procedure Header