Tetap teratur dengan koleksi
Simpan dan kategorikan konten berdasarkan preferensi Anda.
Halaman ini menjelaskan cara mengaktifkan MACsec untuk Cloud Interconnect.
Setelah Anda membuat pre-shared key dan mengonfigurasi router lokal untuk menggunakannya,
Anda perlu mengaktifkan MACsec untuk Cloud Interconnect. Setelah
MACsec untuk Cloud Interconnect diaktifkan, Anda harus memastikan bahwa
konfigurasi Cloud Interconnect Anda telah dikonfigurasi dengan benar dan menggunakan
MACsec
untuk membantu melindungi data Anda.
Sebelum memulai
Jika Anda belum menyelesaikan penyiapan,
siapkan MACsec
sebelum mengaktifkan MACsec untuk Cloud Interconnect.
Mengaktifkan MACsec untuk Cloud Interconnect
Pilih salah satu opsi berikut:
Konsol
Di konsol Google Cloud , buka tab Koneksi
fisik Cloud Interconnect.
Jendela konfirmasi akan ditampilkan. Baca pesannya, lalu klik
Konfirmasi untuk mengonfirmasi bahwa Anda ingin mengaktifkan MACsec, atau Batal untuk
membatalkannya.
gcloud
Untuk mengaktifkan MACsec untuk Cloud Interconnect dengan setelan default,
jalankan perintah berikut:
Bagian Info sirkuit link menampilkan informasi berikut:
ID sirkuit Google: nama sirkuit link.
Status link: Status fisik link anggota LACP menampilkan check_circlePemeriksaan dan Aktif untuk menunjukkan bahwa link anggota LACP naik.
Nama kunci MACsec: menampilkan Pemeriksaancheck_circle dan nama
nama kunci MACsec untuk menunjukkan bahwa MACsec aktif pada link.
Menerima daya optik:Pemeriksaancheck_circle menunjukkan
koneksi yang dapat diterima. Tingkat cahaya optik yang dideteksi antarmuka
fisik dari pemancar jarak jauh ditampilkan dalam
dBm.
Mengirimkan daya optik:Pemeriksaancheck_circle menunjukkan
koneksi yang dapat diterima dan level cahaya optik yang ditransmisikan oleh antarmuka
fisik ke penerima jarak jauh yang ditampilkan dalam dBm.
ID demarkasi Google: ID unik yang ditetapkan Google untuk sirkuit
link.
Klik tab MACsec. KonfigurasiMACsec menampilkan salah satu
dari berikut ini untuk konfigurasi MACsec Anda:
Diaktifkan, gagal dibuka: Enkripsi MACsec diaktifkan di
link. Jika enkripsi MACsec tidak dibuat di antara kedua ujung tersebut, maka
link akan beroperasi tanpa enkripsi.
Diaktifkan, gagal ditutup: Enkripsi MACsec diaktifkan di
link. Jika enkripsi MACsec tidak dibuat di antara kedua ujung tersebut,
maka link akan gagal.
availableFeatures: Kemampuan MACsec di
koneksi Cloud Interconnect. Parameter ini hanya ditampilkan untuk
koneksi Cloud Interconnect 10 GB, karena semua
koneksi Cloud Interconnect 100 GB mendukung MACsec
secara default.
macsec.failOpen: perilaku koneksi jika
Cloud Interconnect tidak dapat membuat sesi MKA dengan
router Anda. Nilainya adalah salah satu dari berikut ini:
false: jika sesi MKA tidak dapat dibuat,
maka Cloud Interconnect akan menghapus semua traffic.
true: jika sesi MKA tidak dapat dibuat,
maka Cloud Interconnect akan meneruskan traffic yang tidak dienkripsi.
macsec.preSharedKeys.name: daftar semua pre-shared key
yang dikonfigurasi untuk Cloud Interconnect di link ini.
macsec.preSharedKeys.startTime: waktu mulai saat
pre-shared key saat ini dianggap valid. Semua kunci memiliki validitas tak terbatas.
macsecEnabled: Status MACsec untuk Cloud Interconnect di
link ini. Nilainya adalah salah satu dari berikut ini:
false: MACsec untuk Cloud Interconnect tidak aktif.
true: MACsec untuk Cloud Interconnect aktif.
Perintah ini tidak menampilkan status operasional MACsec.
Aktifkan MACsec di router lokal Anda
Lihat dokumentasi vendor router Anda untuk mengaktifkan MACsec di
router lokal.
Menguras koneksi Cloud Interconnect Anda
Jika sebelumnya Anda menghabiskan koneksi Cloud Interconnect Anda, aktifkan
lampiran VLAN.
[[["Mudah dipahami","easyToUnderstand","thumb-up"],["Memecahkan masalah saya","solvedMyProblem","thumb-up"],["Lainnya","otherUp","thumb-up"]],[["Sulit dipahami","hardToUnderstand","thumb-down"],["Informasi atau kode contoh salah","incorrectInformationOrSampleCode","thumb-down"],["Informasi/contoh yang saya butuhkan tidak ada","missingTheInformationSamplesINeed","thumb-down"],["Masalah terjemahan","translationIssue","thumb-down"],["Lainnya","otherDown","thumb-down"]],["Terakhir diperbarui pada 2025-09-05 UTC."],[],[],null,["# Enable MACsec\n\nThis page describes how to enable MACsec for Cloud Interconnect.\n\nAfter you generate pre-shared keys and configure your on-premises router to use\nthem, you need to enable MACsec for Cloud Interconnect. After\nMACsec for Cloud Interconnect is enabled, you verify that your\nCloud Interconnect configuration is correctly configured and is using\nMACsec\nto help protect your data.\n\nBefore you begin\n----------------\n\nIf you haven't completed set up, then\n[set up MACsec](/network-connectivity/docs/interconnect/how-to/macsec/set-up-macsec)\nbefore enabling MACsec for Cloud Interconnect.\n| **Important:** When you enable MACsec on your Cloud Interconnect connection, the connection temporarily experiences packet loss. To avoid disruption to your connectivity, verify that there is no traffic on your Cloud Interconnect VLAN attachments before enabling MACsec for Cloud Interconnect. For more information, see [Disable VLAN\n| attachments](/network-connectivity/docs/interconnect/how-to/dedicated/disabling-vlans).\n\nEnable MACsec for Cloud Interconnect\n------------------------------------\n\nSelect one of the following options: \n\n### Console\n\n1. In the Google Cloud console, go to the Cloud Interconnect **Physical\n connections** tab.\n\n [Go to Physical connections](https://console.cloud.google.com/hybrid/interconnects/list?tab=interconnects)\n2. Select the connection that you want to modify.\n\n3. On the **MACsec** tab, click **Enable**.\n\n A confirmation window is displayed. Read the message, and then click\n **Confirm** to confirm that you want to enable MACsec, or **Cancel** to\n cancel.\n\n### gcloud\n\nTo enable MACsec for Cloud Interconnect with default settings, run the\nfollowing command: \n\n gcloud compute interconnects macsec update \u003cvar translate=\"no\"\u003eINTERCONNECT_CONNECTION_NAME\u003c/var\u003e \\\n --enabled\n\nReplace \u003cvar translate=\"no\"\u003eINTERCONNECT_CONNECTION_NAME\u003c/var\u003e with the name of your\nCloud Interconnect connection.\n\nVerify MACsec configuration\n---------------------------\n\nSelect one of the following options: \n\n### Console\n\n1. In the Google Cloud console, go to the Cloud Interconnect **Physical\n connections** tab.\n\n [Go to Physical connections](https://console.cloud.google.com/hybrid/interconnects/list?tab=interconnects)\n2. Select the connection that you want to view.\n\n3. The **Link circuit info** section displays the following information:\n\n - **Google circuit ID:** the name of the link circuit.\n\n - **Link state:** the LACP member link's physical state displays a check_circle\n **Check** and **Active** to indicate that the LACP member link is up.\n\n - **MACsec key name** : displays a check_circle **Check** and the name of the\n MACsec key name to indicate that MACsec is active on the link.\n\n - **Receiving optical power:** a check_circle **Check** indicates an\n acceptable connection. The optical light level that the physical\n interface detects from the remote transmitter is displayed in\n [dBm](https://en.wikipedia.org/wiki/DBm).\n\n - **Transmitting optical power:** a check_circle **Check** indicates\n an acceptable connection and the optical light level that the physical\n interface is transmitting to the remote receiver is displayed in dBm.\n\n - **Google demarc ID:** the Google-assigned unique ID for the link\n circuit.\n\n4. Click the **MACsec** tab. The **MACsec** **configuration** displays one\n of the following for your MACsec configuration:\n\n - **Enabled, fail open:** MACsec encryption is enabled on the\n link. If MACsec encryption isn't established between both ends, then\n the link operates without encryption.\n\n - **Enabled, fail closed:** MACsec encryption is enabled on the\n link. If MACsec encryption isn't established between both ends, then\n the link fails.\n\n### gcloud\n\nRun the following command: \n\n gcloud compute interconnects describe \u003cvar translate=\"no\"\u003eINTERCONNECT_CONNECTION_NAME\u003c/var\u003e\n\nThe output is similar to the following 10 GB Cloud Interconnect\nexample; look for `availableFeatures` set to `IF_MACSEC` and the `macsec`\nsection: \n\n adminEnabled: true\n availableFeatures:\n - IF_MACSEC\n circuitInfos:\n - customerDemarcId: fake-peer-demarc-0\n googleCircuitId: LOOP-0\n googleDemarcId: fake-local-demarc-0\n creationTimestamp: '2021-10-05T03:39:33.888-07:00'\n customerName: Fake Company\n description: something important\n googleReferenceId: '123456789'\n id: '12345678987654321'\n interconnectAttachments:\n - https://www.googleapis.com/compute/v1/projects/my-project1/regions/us-central1/interconnectAttachments/interconnect-123456-987654321-0\n interconnectType: IT_PRIVATE\n kind: compute#interconnect\n labelFingerprint: 12H17262736_\n linkType: LINK_TYPE_ETHERNET_10G_LR\n location: https://www.googleapis.com/compute/v1/projects/my-project1/global/interconnectLocations/cbf-zone2-65012\n macsec:\n failOpen: false\n preSharedKeys:\n - name: key1\n startTime: 2023-07-01T21:00:01.000Z\n macsecEnabled: true\n name: \u003cvar translate=\"no\"\u003e\u003cspan class=\"devsite-syntax-l devsite-syntax-l-Scalar devsite-syntax-l-Scalar-Plain\"\u003eINTERCONNECT_CONNECTION_NAME\u003c/span\u003e\u003c/var\u003e\n operationalStatus: OS_ACTIVE\n provisionedLinkCount: 1\n requestedFeatures:\n - IF_MACSEC\n requestedLinkCount: 1\n selfLink: https://www.googleapis.com/compute/v1/projects/my-project1/global/interconnects/\u003cvar translate=\"no\"\u003eINTERCONNECT_CONNECTION_NAME\u003c/var\u003e\n selfLinkWithId: https://www.googleapis.com/compute/v1/projects/my-project1/global/interconnects/12345678987654321\n state: ACTIVE\n\nThe following items specify the Cloud Interconnect connection's\nMACsec configuration:\n\n- **`availableFeatures`:** MACsec capability on the\n Cloud Interconnect connection. This parameter is shown only for\n 10 GB Cloud Interconnect connections, because all\n 100 GB Cloud Interconnect connections are MACsec capable\n by default.\n\n- **`macsec.failOpen`:** the connection's behavior if\n Cloud Interconnect can't establish an MKA session with your\n router. The value is either of the following:\n\n - **`false`:** if an MKA session can't be established, then\n Cloud Interconnect drops all traffic.\n\n - **`true`:** if an MKA session can't be established, then\n Cloud Interconnect passes unencrypted traffic.\n\n- **`macsec.preSharedKeys.name`:** the list of all pre-shared keys\n configured for Cloud Interconnect on this link.\n\n- **`macsec.preSharedKeys.startTime`:** the start time that the current\n pre-shared key is considered valid. All keys have infinite validity.\n\n- **`macsecEnabled`:** MACsec status for Cloud Interconnect on this\n link. The value is either of the following:\n\n - **`false`:** MACsec for Cloud Interconnect is off.\n - **`true`:** MACsec for Cloud Interconnect is on.\n\nThis command doesn't display MACsec operational status.\n\nEnable MACsec on your on-premises router\n----------------------------------------\n\nRefer to your router vendor's documentation to enable MACsec on your on-premises\nrouter.\n\nUndrain your Cloud Interconnect connection\n------------------------------------------\n\nIf you previously drained your Cloud Interconnect connection, [enable\nVLAN attachments](/network-connectivity/docs/interconnect/how-to/dedicated/enable-vlan-attachments).\n\nWhat's next?\n------------\n\n- [Troubleshoot MACsec](/network-connectivity/docs/interconnect/how-to/macsec/troubleshoot-macsec)\n- [View MACsec status](/network-connectivity/docs/interconnect/how-to/macsec/view-macsec-status)\n- [Disable MACsec](/network-connectivity/docs/interconnect/how-to/macsec/disable-macsec)\n- [Get MACsec keys](/network-connectivity/docs/interconnect/how-to/macsec/get-macsec-keys)\n- [Rotate MACsec keys](/network-connectivity/docs/interconnect/how-to/macsec/rotate-macsec-keys)"]]