Device Configuration Functions¶

sth::emulation_macsec_config¶

Purpose¶

Spirent Extension (for Spirent HLTAPI only).

Used to configure, modify or delete emulated MACsec devices.

Synopsis¶

Note

M indicates that the argument is Mandatory .
S indicates the argument is for scaling scenarios.

sth::emulation_macsec_config
      [-mode {create|modify|delete}  M]
      [-port_handle <port_handle>]
      [-handle < device_handle>]
      [-block_mode {one_host_per_block|one_device_per_block|
                          one_network_per_block|
                          multiple_networks_per_block|
                          multiple_device_per_block} S]
      [-expand {true|false} S]
      [-count <integer>]
      [-encapsulation {ethernet_ii|ethernet_ii_vlan|ethernet_ii_qinq|ethernet_ii_mvlan}]
      [-enable_ping_response {1|0}]
      [-enable_gw_learning {true|false}]
      [-gateway_mac <aa:bb:cc:dd:ee:ff>]
      [-resolve_gateway_mac {true|false}]
      [-ipv6_gateway_mac <aa:bb:cc:dd:ee:ff>]
      [-ipv6_resolve_gateway_mac {true|false}]
      [-ip_version {ipv4|ipv6|ipv46|none}]
      [-intf_ip_addr <a.b.c.d>]
      [-intf_ip_addr_step <a.b.c.d>]
      [-ip_stack_count <0-65535>]
      [-ip_step_per_port <a.b.c.d>]
      [-ip_step_per_vlan <a.b.c.d>]
      [-stack_ip_repeat <0-65535>]
      [-stack_ip_recycle_count <0-65535>]
      [-gateway_ip_addr <a.b.c.d>]
      [-gateway_ip_addr_step <a.b.c.d>]
      [-use_ip_addr_range_gateway {true|false}]
      [-stack_gateway_ip_repeat <0-65535>]
      [-stack_gateway_ip_recycle_count <0-65535>]
      [-use_ipv6_addr_range_gateway {true|false}]
      [-stack_gateway_ipv6_repeat <0-65535>]
      [-stack_gateway_ipv6_recycle_count <0-65535>]
      [-gateway_ipv6_addr <aaaa:bbbb:cccc:dddd:eeee:ffff:gggg:hhhh>]
      [-gateway_ipv6_addr_step <aaaa:bbbb:cccc:dddd:eeee:ffff:gggg:hhhh> ]
      [-intf_prefix_len <1-32>]
      [-intf_ipv6_addr <aaaa:bbbb:cccc:dddd:eeee:ffff:gggg:hhhh> ]
      [-intf_ipv6_addr_step <aaaa:bbbb:cccc:dddd:eeee:ffff:gggg:hhhh>]
      [-intf_ipv6_prefix_len <1-128>]
      [-ipv6_step_per_port <aaaa:bbbb:cccc:dddd:eeee:ffff:gggg:hhhh>]
      [-ipv6_step_per_vlan <aaaa:bbbb:cccc:dddd:eeee:ffff:gggg:hhhh>]
      [-link_local_ipv6_addr <aaaa:bbbb:cccc:dddd:eeee:ffff:gggg:hhhh>]
      [-link_local_ipv6_addr_step <aaaa:bbbb:cccc:dddd:eeee:ffff:gggg:hhhh>]
      [-link_local_ipv6_prefix_len <0-128>]
      [-link_local_ipv6_step_per_port <aaaa:bbbb:cccc:dddd:eeee:ffff:gggg:hhhh>]
      [-link_local_ipv6_step_per_vlan <aaaa:bbbb:cccc:dddd:eeee:ffff:gggg:hhhh>]
      [-ipv6_stack_count <0-65535>]
      [-stack_ipv6_repeat <0-65535>]
      [-stack_ipv6_recycle_count <0-65535>]
      [-mac_addr <aa:bb:cc:dd:ee:ff>]
      [-mac_addr_step <aa:bb:cc:dd:ee:ff>]
      [-mac_addr_step_per_port <aa:bb:cc:dd:ee:ff>]
      [-mac_addr_step_per_vlan <aa:bb:cc:dd:ee:ff>]
      [-qinq_incr_mode {inner|outer|both}]
      [-router_id <a.b.c.d>]
      [-router_id_ipv6 <aaaa:bbbb:cccc:dddd:eeee:ffff:gggg:hhhh>]
      [-router_id_step <a.b.c.d>]
      [-router_id_ipv6_step <aaaa:bbbb:cccc:dddd:eeee:ffff:gggg:hhhh>]
      [-ipv6_router_id_src {manual|use_ipv6_global_addr|use_ipv6_ll_add}]
      [-tos <0-255>]
      [-tos_type {tos|diffserv}]
      [-traffic_class <0-255>]
      [-use_default_phy_mac {true|false}]
      [-vlan_id <0-4095>]
      [-vlan_id_count <1-4096>]
      [-vlan_id_step <0-4095>]
      [-vlan_id_repeat_count <0-4294967295>]
      [-vlan_id_stack_count <NUMERIC>]
      [-vlan_id_repeatmode <REPEAT_ACROSS_PORT  | NO_REPEAT | REPEAT_ACROSS_LOWER_IF>]
      [-vlan_user_pri <0-7>]
      [-vlan_outer_id <0-4095>]
      [-vlan_outer_id_count <1-4096>]
      [-vlan_outer_id_step <0-4095>]
      [-vlan_outer_id_repeat_count <0-4294967295>]
      [-vlan_outer_id_repeatmode <REPEAT_ACROSS_PORT  | NO_REPEAT | REPEAT_ACROSS_LOWER_IF>]
      [-vlan_outer_user_pri <0-7>]
      [-vlan_tpid <0-65535>]
      [-vlan_cfi <0-1>]
      [-vlan_outer_tpid <0-65535>]
      [-vlan_outer_cfi <0-1>]
      [-vlan_id_list <0-4095>]
      [-vlan_id_step_list <0-4095>]
      [-vlan_id_count_list <0-4095>]
      [-vlan_user_pri_list <0-7>]
      [-vlan_id_repeat_count_list <0-4294967295>]
      [-vlan_tpid_list <0-65535>]
      [-vlan_cfi_list <0-65535>]
      [-name <string>]
      [-block_name_index <0-4294967295>]
      [-count_per_block <integer>]
      [-count_block_per_port <integer>]
      [-enable_rfc4814_addresses {true|false}]
      [-random_seed_value <numeric>]
      [-macsec_mode {static_sak|static_cak}]
      [-vlan_tags <NUMERIC>]
      [-cipher_suite {gcmaes128|gcmaes256}]
      [-enable_xpn {true|false}]
      [-enable_sci {true|false}]
      [-port_id <NUMERIC>]
      [-port_id_step <NUMERIC>]
      [-association_number <NUMERIC>]
      [-association_number_step <NUMERIC>]
      [-peer_association_number <NUMERIC>]
      [-peer_association_number_step <NUMERIC>]
      [-peer_mac <aa:bb:cc:dd:ee:ff>]
      [-peer_mac_step <aa:bb:cc:dd:ee:ff>]
      [-start_pkt_num <NUMERIC>]
      [-encryption_offset {none|vlan|ipv4|ipv6|all}]
      [-replay_protection_window <NUMERIC>]
      [-session_key <HEX>]
      [-session_key_step <HEX>]
      [-static_cak_name <HEX>]
      [-static_cak_name_step <HEX>]
      [-static_cak_value  <HEX>]
      [-static_cak_value_step <HEX>]

Arguments¶

-port_handle¶: Specifies the port on which to create the emulated MACsec device. This handle is returned by the sth::connect function. It is Mandatory for -mode create.

-handle¶: Specifies the MACsec device handle. This argument is Mandatory for -mode modify and delete. For -mode delete, you can also specify the value all, to delete all devices.

Note

-handle all is only valid for -mode delete.

-mode¶

Specifies the action to perform on the test port. This argument is mandatory. Possible values are:

create - Creates the MACsec device on the specified port. You must
         specify -port_handle.

modify - Modifies the configured MACsec device identified by -handle.

delete - Deletes the emulated MACsec device identified by -handle.

-block_mode¶

Spirent Extension (for Spirent HLTAPI only).

Specifies the device block mode. Emulated device objects may be used to represent a single device or a block of many devices for higher scalability. Emulated device blocks are not supported by all protocols (for example, routing protocols) and have less granularity of control at the protocol level and in traffic configuration. Possible values are described below:

one_device_per_block          One emulated device block is created
                              for each device

one_network_per_block         One emulated device block is created
                              for each network

multiple_networks_per_block   One emulated device block may represent
                              multiple networks. Note that there
                              are limitations to what can be
                              represented as a single emulated
                              device block using this mode .

multiple_device_per_block     Multiple devices per block

This argument is available for -mode create.

-expand¶

Spirent Extension (for Spirent HLTAPI only).

Determines whether to expand the specified device parameters into emulated device objects during Scaling test scenarios. This argument is used in Scaling test scenarios, and available for -mode create, and working together with -block_mode. Possible values are true and false.

If it is set to true, a list of emulated devices will be created and their handles returned.

If it is set to false, param_handle will be returned, which can be passed to protocol configuration APIs, for example:

-mode activate in sth::emulation_isis_config.

-count¶: Specifies the number of emulated devices to be created. The default value is 1.

-router_id¶: Specifies the router ID of the emulated device. The value must be in IPv4 format.

-router_id_ipv6¶: Specifies the IPv6 router ID of the emulated device. The value must be in IPv6 format.

-enable_ping_response¶: Enables or disables the emulated device to respond to ping. Possible values are 0 (disable) and 1 (enable). The default is 0.

-enable_gw_learning¶

Spirent Extension (for Spirent HLTAPI only).

Enables or disables IPv6 learning for the gateway IP and MAC addresses. Possible values are true (enable) and false (disable). The default value is false.

-gateway_mac¶: Specifies the IPv4 gateway’s MAC address for the emulated device. The default value is 00:00:01:00:00:01.

-resolve_gateway_mac¶: Determines whether to resolve the IPv4 gateway’s MAC address. Possible values are true and false. The default value is true.

-ipv6_gateway_mac¶: Specifies the IPv6 gateway’s MAC address for the emulated device. The default value is 00:00:01:00:00:01.

-ipv6_resolve_gateway_mac¶: Determines whether to resolve the IPv6 gateway’s MAC address. Possible values are true and false. The default value is true.

-ip_version¶: Defines the IP version of the emulated device. Possible values are ipv4, ipv6, ipv46, and none. The default value is ipv4.

-intf_ip_addr¶: Specifies the IPv4 address of the emulated device. The default value is 192.85.1.3.

-intf_ip_addr_step¶: Specifies the difference between IPv4 interface addresses of consecutive devices when multiple emulated devices are created. The value must be in IPv4 format. The default is 0.0.0.1.

-ip_stack_count¶

Spirent Extension (for Spirent HLTAPI only).

Specifies the number of IPv4 objects to be created. Possible values range from 0 to 65535. The default value is 1.

-ip_step_per_port¶

Spirent Extension (for Spirent HLTAPI only).

Specifies the step value by which to increment IPv4 addresses for the device block per port

Dependency: -block_mode or -expand

Values: IPv4

-ip_step_per_vlan¶

Spirent Extension (for Spirent HLTAPI only).

Specifies the step value by which to increment IPv4 addresses for the device block per VLAN

Dependency: -block_mode or -expand

Values: IPv4

-stack_ip_repeat¶

Spirent Extension (for Spirent HLTAPI only).

Specifies how many times to repeat the same IPv4 address before incrementing it. Possible values range from 0 to 65535. The default value is 0.

-stack_ip_recycle_count¶

Spirent Extension (for Spirent HLTAPI only).

Specifies how many times to increment the IPv4 address before returning to the starting value. Possible values range from 0 to 65535. The default value is 0.

-gateway_ip_addr¶: Specifies the IPv4 gateway address for the emulated device.

-gateway_ip_addr_step¶: Specifies the difference between IPv4 gateway addresses of consecutive devices when multiple emulated devices are created. The default value is 0.0.0.1.

-use_ip_addr_range_gateway¶: Specifies the same settings for gateway as the IP address range parameters Possible values are true and false. The default value is false.

-stack_gateway_ip_repeat¶

Spirent Extension (for Spirent HLTAPI only).

Specifies how many times to repeat the same IPv4 gateway address before incrementing it. Possible values range from 0 to 65535. The default value is 0.

-stack_gateway_ip_recycle_count¶

Spirent Extension (for Spirent HLTAPI only).

Specifies how many times to increment the IPv4 gateway address before returning to the starting value. Possible values range from 0 to 65535. The default value is 0.

-use_ipv6_addr_range_gateway¶: Specifies whether to use IP address range settings for the gateway. Possible values are true and false. The default value is false.

-stack_gateway_ipv6_repeat¶: Specifies the gateway repeat count for the emulated device. Possible values range from 0 to 65535. The default value is 0.

-stack_gateway_ipv6_recycle_count¶: Specifies the gateway recycle count for the emulated device. Possible values range from 0 to 65535. The default value is 0.

-intf_prefix_len¶: Specifies the prefix length for the IPv6 address of the emulated device. Possible values range from 1 to 32. The default is 24.

-intf_ipv6_addr¶: Specifies the IPv6 address of the emulated device.

-intf_ipv6_addr_step¶: Specifies the difference between interface IPv6 addresses of consecutive devices when multiple emulated devices are created.

-intf_ipv6_prefix_len¶: Specifies the prefix length for the IPv6 address of the emulated device. Possible values range from 0 to 128. The default is 64.

-ipv6_step_per_port¶

Spirent Extension (for Spirent HLTAPI only).

Specifies the step value by which to increment IPv6 addresses for the device block per port

Dependency: -block_mode or -expand

Values: IPv6

-ipv6_step_per_vlan¶

Spirent Extension (for Spirent HLTAPI only).

Specifies the step value by which to increment IPv6 addresses for the device block per VLAN

Dependency: -block_mode or -expand

Values: IPv6

-gateway_ipv6_addr¶: Specifies the IPv6 gateway address for the emulated device.

-gateway_ipv6_addr_step¶: Specifies the difference between IPv6 gateway addresses of consecutive devices when multiple emulated devices are created.

-link_local_ipv6_addr¶: Specifies the starting link local IPv6 address for emulated devices. The value must be in IPv6 format. The default is FE80::0.

-link_local_ipv6_addr_step¶: Specifies the difference between link local IPv6 addresses of consecutive devices when multiple emulated devices are created. The value must be in IPv6 format. The default is ::1.

-link_local_ipv6_prefix_len¶: Specifies the prefix length for the link local IPv6 address of the emulated device. Possible values range from 0 to 128. The default is 64.

-link_local_ipv6_step_per_port¶

Spirent Extension (for Spirent HLTAPI only).

Specifies the step value by which to increment link local IPv6 addresses for the device block per port

Dependency: -block_mode or -expand

Values: IPv6

-link_local_ipv6_step_per_vlan¶

Spirent Extension (for Spirent HLTAPI only).

Specifies the step value by which to increment link local IPv6 addresses for the device block per VLAN

Dependency: -block_mode or -expand

Values: IPv6

-ipv6_stack_count¶

Spirent Extension (for Spirent HLTAPI only).

Specifies the number of IPv6 objects to be created. Possible values range from 0 to 65535. The default value is 1.

-stack_ipv6_repeat¶

Spirent Extension (for Spirent HLTAPI only).

Specifies how many times to repeat the same IPv6 address before incrementing it. Possible values range from 0 to 65535. The default value is 0.

-stack_ipv6_recycle_count¶

Spirent Extension (for Spirent HLTAPI only).

Specifies how many times to increment the IPv6 address before returning to the starting value. Possible values range from 0 to 65535. The default value is 0.

-mac_addr¶: Specifies the MAC address of the emulated device.

-mac_addr_step¶: Specifies the difference between MAC addresses of consecutive devices when multiple emulated devices are created.

-mac_addr_step_per_port¶

Spirent Extension (for Spirent HLTAPI only).

Specifies the step value by which to increment source MAC addresses for the device block per port

Dependency: -block_mode or -expand

Values: MAC

-mac_addr_step_per_vlan¶

Spirent Extension (for Spirent HLTAPI only).

Specifies the step value by which to increment source MAC addresses for the device block per VLAN

Dependency: -block_mode or -expand

Values: MAC

Example::

sth::emulation_macsec_config

-mode create

-block_mode ONE_NETWORK_PER_BLOCK

-ip_version ipv4

-encapsulation ethernet_ii_vlan

-port_handle $port1 $port2

-vlan_user_pri 7

-vlan_id 10

-vlan_id_count 2

-vlan_id_step 1

-vlan_id_repeatmode

REPEAT_ACROSS_LOWER_IF

-vlan_outer_id 20

-vlan_outer_id_step

2

-vlan_outer_id_count

2

-vlan_outer_id_repeatmode

NO_REPEAT

-count 1

-expand true

-mac_addr 00:10:94:00:00:02

-mac_addr_step 00:00:00:00:00:01

-intf_ip_addr 192.85.1.4

-intf_prefix_len

24

-gateway_ip_addr

192.85.1.1

-gateway_ip_addr_step

0.0.0.0

-intf_ip_addr_step

0.0.0.1

-mac_addr_step_per_vlan

{00:00:00:00:01:01 00:00:00:00:01:00}

-mac_addr_step_per_port

00:00:00:01:00:00

-ip_step_per_port

0.1.0.0

-ip_step_per_vlan

{0.0.1.1 0.0.1.0}

-macsec_mode “static_cak”

-cipher_suite gcmaes256

-enable_xpn false

-enable_sci true

-port_id 1

-port_id_step 1

-association_number

0

-association_number_step

1

-peer_association_number

0

-peer_association_number_step

1

-encryption_offset

none

-replay_protection_window

0

-session_key 255

-session_key_step

1

-static_cak_name

“16 1”

-static_cak_name_step

“0 1”

-static_cak_value

“255 238 221 204 187 170 153 136 119 102 85 68 51 34 17 0 0 17 34 51 68 85 102 119 136 153 170 187 204 221 238 255”

-static_cak_value_step

“0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0”

In argument “-mac_addr_step_per_vlan”, the first MAC address “00:00:00:00:01:01” increments the outer VLAN and the second MAC address increments the inner VLAN. -mac_addr_step_per_vlan {00:00:00:00:01:01 00:00:00:00:01:00}Similarly, in -ip_step_per_vlan, the first IP address increments the outer VLAN IP and the second address increments the inner VLAN IP.

-qinq_incr_mode¶

Determines which VLAN ID to increment first. Possible values are:

inner - Increments the inner VLAN ID before the outer VLAN ID

outer - Increments the outer VLAN ID before the inner VLAN ID

both - Increment both the inner and outer VLAN ID at the same time

The default value is inner.

-encapsulation¶

Specifies the type of Layer 2 encapsulation for the emulated device. Possible values are:

ethernet_ii - Ethernet II

ethernet_ii_vlan - Ethernet II with a single VLAN tag

ethernet_ii_qinq - Ethernet II with two VLAN tags

ethernet_ii_mvlan - Ethernet II with more than two VLAN tags
                    (Specifies VLAN from the 3rd tag on. The
                    first two tags are specified with vlan_id,
                    vlan_outer_id, and their related arguments.)

The default value is ethernet_ii.

-router_id_step¶

Spirent Extension (for Spirent HLTAPI only).

Specifies the difference between consecutive router IDs when multiple routers are created. The value must be in IPv4 format. The default value is 0.0.0.1.

-router_id_ipv6_step¶

Spirent Extension (for Spirent HLTAPI only).

Specifies the difference between consecutive IPv6 router IDs when multiple routers are created. The value must be in IPv6 format. The default value is 0000::1.

-ipv6_router_id_src¶

Spirent Extension (for Spirent HLTAPI only).

Specifies the ipv6 router ID source.

Dependency: -block_mode or -expand

Possible values are:

manual - Set source manually

use_ipv6_global_addr - Use IPv6 global address as source

use_ipv6_ll_add - Use IPv6 link local address as source

The default value is manual.

-tos¶

Spirent Extension (for Spirent HLTAPI only).

Specifies the ToS value of the IPv4 header. Possible values range from 0 to 255. The default value is 192.

-tos_type¶

Spirent Extension (for Spirent HLTAPI only).

Specifies the ToS type of the IPv4 header. Possible values are tos and diffserv. The default value is tos.

-traffic_class¶

Spirent Extension (for Spirent HLTAPI only).

Specifies the traffic class of the IPv6 header. Possible values range from 0 to 255. The default value is 0.

-use_default_phy_mac¶

Spirent Extension (for Spirent HLTAPI only).

Determines whether to use the source MAC address from the physical interface. Possible values are true and false. The default value is false.

-vlan_id¶: Specifies the starting VLAN ID for the ethernet_ii_vlan encapsulation or the ethernet_ii_qinq encapsulation. Possible values range from 0 to 4095. The default value is 100. This argument is available when -encapsulation is set to ethernet_ii_qinq or ethernet_ii_vlan.

-vlan_id_count¶: Specifies the number of VLAN IDs to create. Possible values range from 1 to 4096. The default value is 1.

-vlan_id_step¶: Specifies the step size by which the VLAN ID is incremented. Possible values range from 0 to 4095. The default value is 1.

-vlan_id_repeat_count¶

Spirent Extension (for Spirent HLTAPI only).

Number of times to repeat the same VLAN ID before incrementing it for the inner VLAN. The value must be an integer. The default value is 0.

-vlan_id_stack_count¶: Number of interfaces in this interface object. The value must be an integer. The default value is 1.

-vlan_id_repeatmode¶

Spirent Extension (for Spirent HLTAPI only).

Specifies the repeat mode for the inner VLAN. The default value is REPEAT_ACROSS_PORT.

NO_REPEAT VLAN IDs are not repeated. REPEAT_ACROSS_PORT VLAN IDs are repeated from the starting VLAN ID on all ports. REPEAT_ACROSS_LOWER_IF VLAN IDs are repeated from the starting VLAN ID

when the next lower-level interface (or port) changes.

-vlan_user_pri¶: Specifies the VLAN user priority assigned to the emulated MACsec device. Possible values range from 0 to 7. The default value is 0.

-vlan_outer_id¶: Specifies the starting outer VLAN ID for the QinQ encapsulation. Possible values range from 0 to 4095. The default value is 100. This argument is available when -encapsulation is set to ethernet_ii_qinq.

-vlan_outer_id_count¶: Specifies the number of outer VLAN IDs assigned to the emulated MACsec device. Possible values range from 1 to 4096. The default is 1.

-vlan_outer_id_step¶: Specifies the step size by which the outer VLAN ID is incremented. Possible values range from 0 to 4095. The default value is 1.

-vlan_outer_id_repeat_count¶

Spirent Extension (for Spirent HLTAPI only).

Number of times to repeat the same VLAN ID before incrementing it for the outer VLAN. The value must be an integer. The default value is 0.

-vlan_outer_id_repeatmode¶

Spirent Extension (for Spirent HLTAPI only).

Specifies the repeat mode for the outer VLAN. The default value is REPEAT_ACROSS_PORT.

NO_REPEAT VLAN IDs are not repeated. REPEAT_ACROSS_PORT VLAN IDs are repeated from the starting VLAN ID on all ports. REPEAT_ACROSS_LOWER_IF VLAN IDs are repeated from the starting VLAN ID

when the next lower-level interface (or port) changes.

-vlan_outer_user_pri¶: Specifies the VLAN priority to assign to the outer VLAN header. Possible values range from 0 to 7. The default value is 0.

-vlan_tpid¶

Spirent Extension (for Spirent HLTAPI only).

Specifies the Ethernet type of VLAN for the device interface. Possible values range from 0 to 65535. The default value is 33024.

-vlan_outer_tpid¶

Spirent Extension (for Spirent HLTAPI only).

Specifies the Ethernet type of outer VLAN for the device interface. Possible values range from 0 to 65535. The default value is 33024.

-vlan_cfi¶: Specifies the canonical format indicator (CFI) field in VLAN for the emulated device. Possible values are 0 (Ethernet) and 1 (Token Ring). The default is 1.

-vlan_outer_cfi¶: Specifies the CFI field in the outer VLAN for the emulated device. Possible values are 0 (Ethernet) and 1 (Token Ring). The default is 1.

-vlan_id_list¶

Spirent Extension (for Spirent HLTAPI only).

Specifies a list of VLAN IDs for the ethernet_ii_mvlan encapsulation. Possible values range from 0 to 4095. The default value is 100.

-vlan_id_step_list¶

Spirent Extension (for Spirent HLTAPI only).

Specifies a list of VLAN step values for the ethernet_ii_mvlan encapsulation. Possible values range from 0 to 4095. The default value is 1.

-vlan_id_count_list¶

Spirent Extension (for Spirent HLTAPI only).

Specifies a list of numbers of VLAN IDs for the ethernet_ii_mvlan encapsulation. Possible values range from 0 to 4095. The default value is 100.

-vlan_tpid_list¶

Spirent Extension (for Spirent HLTAPI only).

Specifies a list of VLAN TPIDs for ethernet_ii_mvlan encapsulation. Possible values range from 0 to 65535. The default value is 33024.

-vlan_user_pri_list¶

Spirent Extension (for Spirent HLTAPI only).

Specifies a list of VLAN priorities for the ethernet_ii_mvlan encapsulation. Possible values range from 0 to 7. The default value is 0.

-vlan_id_repeat_count_list¶

Spirent Extension (for Spirent HLTAPI only).

Specifies a list of numbers of times to repeat the corresponding VLAN IDs before incrementing them. The value must be an integer. The default value is 0. This argument is available when -encapsulation is set to ethernet_ii_mvlan.

-vlan_cfi_list¶

Spirent Extension (for Spirent HLTAPI only).

Specifies a list of CFI values for ethernet_ii_mvlan encapsulation. Possible values are 0 (Ethernet) and 1 (Token Ring). The default value is 1.

-name¶: A text name for the emulated MACsec device. If -block_mode is specified, -block_name_index will be appended to the name of the emulated MACsec device.

-block_name_index¶

Specifies the start value of the index for the MACsec device name.

Dependency: -block_mode

-count_block_per_port¶

Specifies the block count per port.

Dependency: -expand and -block_mode

-count_per_block¶

Specifies the MACsec device count per block.

Dependency: -expand and -block_mode

-enable_rfc4814_addresses¶

Specifies to enable or disable the generation of MAC addresses according to RFC 4814. Possible values are true and false. The default value is false.

Dependency: -expand and -block_mode

-random_seed_value¶

Specifies the seed value for the random number generator used in generating RFC 4814 MAC addresses. The default value is true.

Dependency: -expand, -block_mode and -enable_rfc4814_addresses

-macsec_mode¶

Specifies the MACsec device mode. Possible values are:

static_sak               secure association key
static_cak               connectivity association key

The default value is static_sak.

-cipher_suite¶: Specifies to select the suite to use. Possible values are gcmaes128 and gcmaes256. The default value is gcmaes128.

-enable_xpn¶: Specifies to enable or disable the extended packet number. Possible values are true (enable) and false (disable). The default value is false.

-enable_sci¶: Specifies to include or exclude the SCI (Secure Channel Identifier) in the MACsec Tag. Possible values are true (include) and false (exclude). The default value is false.

-port_id¶: Specifies the value of the first port ID. Available when enable SCI is selected. The default value is 1.

-port_id_step¶: Specifies to increment the value of the port ID. Available when enable SCI is selected. The default value is 1.

-association_number¶: Specifies the value of the first association number. Available when enable SCI is selected. The default value is 0.

-association_number_step¶: Specifies to increment the value of the association number. Available when enable SCI is selected. The default value is 1.

-peer_association_number¶: Specifies the value of the first peer association number. Available when enable SCI is selected. The default value is 0.

-peer_association_number_step¶: Specifies to increment the value of the peer association number. Available when enable SCI is selected. The default value is 1.

-peer_mac¶: Specifies the peer MAC address. Available when enable SCI is selected. The default value is 00:10:94:00:00:01.

-peer_mac_step¶: Specifies the peer MAC address step. Available when enable SCI is selected. The default value is 00:00:00:00:00:01.

-encryption_offset¶: Specifies the encryption offset option. Possible values are none, vlan, ipv4, ipv6 and all. The default value is none.

-vlan_tags¶

Specifies the number of VLAN headers.

Dependency: -encryption_offset vlan

The default value is 1.

-replay_protection_window¶: Specifies the length of the replay protection window. Possible values are 0-65535. The default value is 0.

-session_key¶: Specifies the value of the first session key. Possible values are 32 or 64 bit hexadecimal value.

-session_key_step¶: Specifies the step value of the session key. Possible values are 32 or 64 bit hexadecimal value.

-static_cak_name¶

Specifies the value of the first static cak name.

Dependency: -macsec_mode static_cak

Possible values are 32 or 64-bit hexadecimal value. If -cipher_suite is gcmaes128 then the value should be 32-bit hex. If -cipher_suite is gcmaes256 then the value should be 64-bit hex.

-static_cak_name_step¶

Specifies the step value of the static cak name.

Dependency: -macsec_mode static_cak

Possible values are 32 or 64-bit hexadecimal value. If -cipher_suite is gcmaes128 then the value should be 32-bit hex. If -cipher_suite is gcmaes256 then the value should be 64-bit hex.

-static_cak_value¶

Specifies the value of the first static cak value.

Dependency: -macsec_mode static_cak

Possible values are 32 or 64-bit hexadecimal value. If -cipher_suite is gcmaes128 then the value should be 32-bit hex. If -cipher_suite is gcmaes256 then the value should be 64-bit hex.

-static_cak_value_step¶

Specifies the step value of the static cak value.

Dependency: -macsec_mode static_cak

Possible values are 32 or 64-bit hexadecimal value. If -cipher_suite is gcmaes128 then the value should be 32-bit hex. If -cipher_suite is gcmaes256 then the value should be 64-bit hex.

Return Values¶

Depending on the specific language that HLTAPI uses, the function returns a keyed list/dictionary/hash (See Introduction for more information on return value formats) using the following keys (with corresponding data):

status               $SUCCESS (1) or $FAILURE (0)
log                  Error message if command returns {status 0}
handle               The host handle
handle_list          The host handle or
                     the emulated device handles list when expand is set true.

Description¶

The sth::emulation_macsec_config function creates, modifies and deletes one or more emulated MACsec hosts on the specified port. Use the -mode argument to specify the action to perform. (See the -mode argument description for information about the actions.)

When you create an emulated MACsec host, use the -port_handle argument to specify the Spirent HLTAPI port that the emulated MACsec device will use. (The port handle value is contained in the keyed list returned by the connect function.) The create mode returns the handle of the host.

Use this function when you want to create a device without configuring a protocol. You can enable a protocol on the created device if you need it later. You can also use the created device as the source or destination handle when you create a bound stream.

Examples¶

The following example creates an emulated MACsec device:

set devcie_ret1 [::sth::emulation_macsec_config\
 -mode                       create\
 -ip_version                 ipv4\
 -encapsulation              ethernet_ii\
 -port_handle                port1\
 -count                      1 \
 -enable_ping_response       0 \
 -router_id                  192.0.0.1 \
 -mac_addr                   00:10:94:00:00:01 \
 -mac_addr_step              00:00:00:00:00:01 \
 -resolve_gateway_mac        true \
 -gateway_ip_addr_step       0.0.0.0 \
 -intf_ip_addr               1.1.1.2 \
 -intf_prefix_len            24 \
 -gateway_ip_addr            1.1.1.1 \
 -intf_ip_addr_step          0.0.0.1 \
 -name                       MACSEC_Client1\
 -macsec_mode                "static_cak" \
 -cipher_suite               gcmaes256\
 -enable_xpn                 false\
 -enable_sci                 true\
 -port_id                     1\
 -port_id_step                 1\
 -association_number           0\
 -association_number_step      1\
 -peer_association_number      0\
 -peer_association_number_step  1\
 -encryption_offset             none\
 -replay_protection_window      0\
 -session_key                   255\
 -session_key_step              1\
 -static_cak_name               "16 1"\
 -static_cak_name_step          "0 1"\
 -static_cak_value              "255 238 221 204 187 170 153
                                136 119 102 85 68 51 34 17 0 0 17 34
                                51 68 85 102 119 136 153 170 187 204 221 238 255"\
 -static_cak_value_step         "0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1
                                  0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0"\

]

Sample Output:

{handle host1} {handle_list host1} {macsec_handle macsecsupplicantblockconfig1}
{macsec_handle_list macsecsupplicantblockconfig1} {status 1}

The following example deletes all MACsec devices:

set returnedString [sth::emulation_macsec_config   \
                   -mode   delete  \
                   -handle  all]

End of Procedure Header

sth::emulation_macsec_control¶

Purpose¶

Starts, stops MACsec tests for the specified port.

Synopsis¶

Note

M indicates that the argument is Mandatory .

sth::emulation_macsec_control
   [-port_handle <port_handle or port_handle list>  M]
   [-handle <macsec device or macsec device list>]
   [-action  {start|stop}  M]

Arguments¶

-port_handle¶: Specifies a list of ports on which to to perform the actions. You must specify either -handle or -port_handle, but not both.

-handle¶: Specifies a list of PTP devices on which to perform the action. You must specify either -handle or -port_handle, but not both.

-action¶

Specifies the action to be taken on the specified port handle. This argument is Mandatory . Possible values are:

start: Start MACsec authentication requests for supplicant(s).
stop: Abort pending MACsec authentication requests for supplicant(s).

Return Values¶

Depending on the specific language that HLTAPI uses, the function returns a keyed list/dictionary/hash (See Introduction for more information on return value formats) using the following keys (with corresponding data):

status    Success (1) or failure (0) of the operation.
log       An error message (if the operation failed).

Description¶

The sth::emulation_macsec_control function controls the MACsec traffic through the specified ports. You can use the function to perform start/abort MACsec authentication.

Examples¶

#### HLTAPI for Tcl ####

To start the MACsec authentication on the specified ports:

sth::emulation_macsec_control -port_handle "port1 port2" \
    -action           start\

Sample Output:

{status 1}

#### HLTAPI for Python ####

To start the MACsec authentication on the specified ports:

   ctrl_ret1 = sth.emulation_macsec_control (
               port_handle              = port1,
               action                   = 'start');

Sample Output::

 {'status': '1'}

#### HLTAPI for Perl ####

To start the MACsec authentication on the specified ports:

my %ctrl_ret1 = sth::emulation_macsec_control (
            port_handle         => "port1",
            action              => 'start');

Sample Output:

$VAR1 = 'status';
$VAR2 = '1';

End of Procedure Header

sth::emulation_macsec_stats¶

Purpose¶

Returns MACsec test results from Spirent TestCenter IQ.

Synopsis¶

Note

M indicates that the argument is Mandatory .

sth::emulation_macsec_stats
   [-port_handle <port_handle or port_handle list>  M]
   [-result_type {macsec_supplicant_block_stats}  M]
   [-clear_db  {0|1}]

Arguments¶

-port_handle¶: Specifies a list of ports on which MACsec test will start and stop the authentication requests. It is Mandatory that you specify -port_handle.

-result_type¶

Specifies the type of MACsec results. This argument is mandatory. Possible values are:

macsec_supplicant_block_stats: Returns MACsec supplicant block statistics from Spirent TestCenter IQ.

-clear_db¶: Specifies to stop and delete the Spirent TestCenter IQ database at the end of the test. Possible values are 0 and 1. If the value is set to 1, test will stop and delete the database. If the value is set to 0, test will not stop and delete the database. Default is 1.

Return Values¶

Depending on the specific language that HLTAPI uses, the function returns a keyed list/dictionary/hash (See Introduction for more information on return value formats) using the following keys (with corresponding data):

status         Retrieves a value indicating the success (1) or failure
               (0) of the operation.

log            Retrieves a message describing the last error that
               occurred during the operation. If the operation was
               successful - {status 1} - the log value is null.

The following keys are returned when you specify -result_type macsec_supplicant_block_stats:

<port_handle>.<rownumber>.emulated_device_name
<port_handle>.<rownumber>.auth_state
<port_handle>.<rownumber>.auth_supplicant_count
<port_handle>.<rownumber>.mk_pdu_tx
<port_handle>.<rownumber>.mk_pdu_rx
<port_handle>.<rownumber>.mk_pdu_malformed_rx
<port_handle>.<rownumber>.live_peer_count
<port_handle>.<rownumber>.icv_mismatch
<port_handle>.<rownumber>.non_macsec_packet_rx
<port_handle>.<rownumber>.valid_packet_rx
<port_handle>.<rownumber>.bad_packet_rx
<port_handle>.<rownumber>.encrypted_packet_tx
<port_handle>.<rownumber>.encrypted_bytes_tx
<port_handle>.<rownumber>.decrypted_bytes_rx

Description¶

The sth::emulation_macsec_stats function provides information about ports specified for the MACsec configuration. JSON package is required to use emulation_macsec_stats function as it internally returns values in JSON format.

This function returns the requested data and a status value (1 for success). If there is an error, the function returns the status value (0) and an error message. Function return values are converted from JSON format to a keyed list (supported by the Tcl extension software - TclX). Use the TclX function keylget to retrieve data from the keyed list.

Examples¶

#### HLTAPI for Tcl ####

To retrieve MACsec supplicant block statistics from the specified port:

sth::emulation_macsec_stats \
      -port_handle port1 \
      -result_type macsec_supplicant_block_stats \

Sample Output:

{port1 {{macsec_supplicant_block_stats {{0 {{emulated_device_name Host 1}
{auth_state AUTHENTICATING} {auth_supplicant_count 0} {mk_pdu_tx 0} {mk_pdu_rx 0}
{mk_pdu_malformed_rx 0} {live_peer_count 0} {icv_mismatch 0} {non_macsec_packet_rx 0}
{valid_packet_rx 0} {bad_packet_rx 0} {encrypted_packet_tx 0} {encrypted_bytes_tx 0}
{decrypted_bytes_rx 0}}}}}}} {status 1}

#### HLTAPI for Python ####

Sample Input:

results_ret2 = sth.emulation_macsec_stats (
    port_handle              = port1,
    result_type              = 'macsec_supplicant_block_stats');

Sample Output:

{'port1': {{'macsec_supplicant_block_stats': {{'0': {'emulated_device_name': 'Host 1',
'auth_state': 'AUTHENTICATED', 'auth_supplicant_count': '0', 'mk_pdu_tx': '0', 'mk_pdu_rx': '0',
'mk_pdu_malformed_rx': '0', 'live_peer_count': '0', 'icv_mismatch': '0', 'non_macsec_packet_rx': '0',
'valid_packet_rx': '0', 'bad_packet_rx': '0', 'encrypted_packet_tx': '0', 'encrypted_bytes_tx': '0',
'decrypted_bytes_rx': '0'}}}}}} {'status': '1'}

End of Procedure Header