On Tue, Feb 25, 2025 at 08:18:06AM +0000, Martínek Petr wrote: > [PATCH] MACsec: Add option to always include ICV Indicator > > Some older MACsec switches incorrectly require ICV Indicator to be present even > when ICV has default length (CISCO C3560CX). To allow communication with such > devices option include-icv-indicator was added to always include ICV Indicator. > > Similar option is found in configuration of some other switches: > Cisco: > include-icv-indicator - this parameter configures inclusion of the optional ICV > Indicator as part of the transmitted MACsec Key Agreement PDU (MKPDU). This > configuration is necessary for MACsec to interoperate with routers that run > software prior to IOS XR version 6.1.3. This configuration is also important > in a service provider WAN setup where MACsec interoperates with other vendor > MACsec implementations that expect ICV indicator to be present in the MKPDU. > > fortiswitch: > include-mka-icv-ind: The MACsec Key Agreement (MKA) integrity check value (ICV) > indicator is always included. (enabled by default) Thanks, applied. -- Jouni Malinen PGP id EFC895FA _______________________________________________ Hostap mailing list Hostap@xxxxxxxxxxxxxxxxxxx http://lists.infradead.org/mailman/listinfo/hostap
