AssociateMacSecKey - Express Connect - Alibaba Cloud Documentation Center

This operation associates a MacSec key with a port on a dedicated physical connection. It uses dedicated encryption hardware, such as a NIC or switch, to perform low-latency encryption and decryption. It directly encrypts the physical link, such as a fiber optic or Ethernet cable, to protect all traffic from the sender to the receiver.

Operation description

This operation has the following prerequisites:

The device that hosts the Express Connect physical connection supports the MacSec feature.
The Express Connect physical connection must be fully paid.
MacSec can be configured only on a dedicated physical connection.

Note the following:

You can configure a maximum of three sets of Ckn and Cak.
If you associate a key that is in the Disassociated state, the system disassociates the previously active key.
If you associate a key that is in the AssociatedFailed state, the device renegotiates the session.

Try it now

Try this API in OpenAPI Explorer, no manual signing needed. Successful calls auto-generate SDK code matching your parameters. Download it with built-in credential security for local usage.

Test

RAM authorization

No authorization for this operation. If you encounter issues with this operation, contact technical support.

Request parameters

Parameter	Type	Required	Description	Example
RegionId	string	Yes	The region ID of the Express Connect physical connection. You can call the DescribeRegions operation to obtain the region ID.	cn-hangzhou
PhysicalConnectionId	string	Yes	The ID of the Express Connect physical connection.	pc-bp1hp0wr072f6****
CipherSuite	string	Yes	The cipher suite. Valid values: GCM-AES-128 GCM-AES-XPN-128 GCM-AES-256 GCM-AES-XPN-256	GCM-AES-128
Ckn	string	Yes	The key name. This parameter accepts only hexadecimal characters. Lowercase letters are automatically converted to uppercase. The cipher suite determines the required length of the key name: 32 hexadecimal characters for GCM-AES-128 or GCM-AES-XPN-128, and 64 hexadecimal characters for GCM-AES-256 or GCM-AES-XPN-256.	0123456789ABCDEF0123456789ABCDEF
Cak	string	Yes	The key secret. This parameter accepts only hexadecimal characters. Lowercase letters are automatically converted to uppercase. The cipher suite determines the required length of the key secret: 32 hexadecimal characters for GCM-AES-128 or GCM-AES-XPN-128, and 64 hexadecimal characters for GCM-AES-256 or GCM-AES-XPN-256.	0123456789ABCDEF0123456789ABCDEF

Response elements

Element	Type	Description	Example
	object
RequestId	string	The request ID.	D32B3C26-6C6C-4988-93E9-D2A6444CE6AE

Examples

Success response

JSON format

{
  "RequestId": "D32B3C26-6C6C-4988-93E9-D2A6444CE6AE"
}

Error codes

HTTP status code	Error code	Error message	Description
400	IllegalParam.%s	The param of %s is illegal.	The parameter is invalid.
400	ResourceNotFound.PhysicalConnectionId	The specified resource of [%s] is not found.	The Express Connect circuit does not exist.
400	IncorrectStatus.PhysicalConnection	The status of %s [%s] is incorrect.	The status of the physical connection does not support this operation.
400	UnsupportedFeature.Macsec	The feature of Macsec is not supported.	The current physical connection does not support the MACSec feature.
400	IncorrectStatus.PconnMacsec	The status of %s [%s] is incorrect.	The operation is not allowed because the MACSec key is in an unstable state.
400	QuotaExceeded.PconnMacsec	The quota of PconnMacsec is exceeded, usage 3/3.	A physical connection supports binding up to three sets of MACSec keys.
400	UnsupportedFeature.Macsec.CipherSuite	The feature of Macsec.CipherSuite is not supported.	The current physical connection supports MACSec, but does not support the selected encryption algorithm.

See Error Codes for a complete list.

Release notes

See Release Notes for a complete list.