Specify a number of bytes (starting from the frame header), after which MACsec encrypts the bytes in a frame. Values are 0 (default), 30, or 50.

Select to include the Secure Channel Identifier (SCI) tag in the Security Tag field of the MACsec header. Default is disabled.

Select to enable replay protection. This allows a MACsec port to accept frames out of order if they are within the Anti Replay Window. Default is disabled.

Specify the size of the Anti Replay window in the range 0 to 65,535; default is 16,384. This value determines the range of packet numbers that the port will accept, to thereby include packets that may be out of order. The port will accept packets with a packet number greater than or equal to the last packet number minus the window size. For example, after the port receives packet number 12, if the window is 5, the port will subsequently accept only packets numbered 7 or higher.

Specify in seconds; range is 60 to 86,400; default is 3,600. Connectivity Association participants negotiate a Secure Association agreement, which includes a cipher suite and keys. The Secure Association Key (SAK) is refreshed at the SAK rekey interval.

Enter a name for the Pre Shared Key, using zero or more alphanumeric characters, underscores (_), hyphens (-), dots (.), or spaces. Name is a maximum of 31 characters.

Enter the Connectivity Association Key Name (CKN), which is 1 to 32 bytes of hexadecimal string (2 to 64 hex digits) with an even number of digits.

Enter the Connectivity Association Key (CAK), which is a 16-byte hexadecimal string (32 hex digits) for AES-128-GCM, or a 32-byte hexadecimal string (64 hex digits) for AES-256-GCM.