Symptom
MACSEC fails with the following errors:
mka: (Error) Device Name:[0x3FF] Instance:[63] Error Type:[(null)] code:[255] in handling received pkt
mka: PKT::Ifindex(1a28f000) ERROR:Received CKN length (16 bytes) is not supported
Conditions
components used:
N7K - N77-M348XP-23L running 8.2(1)
on the other end its a C9407R with C9400-LC-48UX running 16.9.1
Workaround
In case user wants to inter-opt between two images one having this DDTS code changes one having older image i.e. not having this DDTS code changes the in order to work in box loaded with new image the key-name in key chain should be configured of length 64 with zero padded (or any 64 digit length key name).
For example :
Config for Old Image:
config t
key chain abc macsec
key 11
cryptographic-algorithm aes-128-cmac
key-string 12345678901234567890123456789013
lifetime local 12:21:00 Sep 9 2015 infinite
Config for new Image :
config t
key chain abc macsec
key 11000000000000000000000000000000000000000000000000000000000000000
cryptographic-algorithm aes-128-cmac
key-string 12345678901234567890123456789013
lifetime local 12:21:00 Sep 9 2015 infinite
Further Problem Description
