[c-nsp] macsec
james list
jameslist72 at gmail.com
Wed Mar 14 03:52:36 EDT 2018
Dear experts,
I’m trying to get working macsec between Cisco 3850 and Juniper EX4300
without success.
Here the config:
Cisco 3850
key chain test macsec
key 123ABC
cryptographic-algorithm aes-128-cmac
!
interface TenGigabitEthernet1/0/21
switchport access vlan 10
switchport mode access
cts manual
policy static sgt 4
sap pmk 0000000000000000000000000000000000000000000000000000000000123ABC
mode-list gcm-encrypt
end
EX4300
set security macsec connectivity-association test1 security-mode static-cak
set security macsec connectivity-association test1 mka key-server-priority 0
set security macsec connectivity-association test1 replay-protect
replay-window-size 5
set security macsec connectivity-association test1 pre-shared-key ckn 123ABC
set security macsec connectivity-association test1 pre-shared-key cak
"$9$-mVb2oAUHkP4oz11Cu0"
set security macsec interfaces ge-0/0/21 connectivity-association test1
It remains UP on Juniper side and “not connected” on Cisco side, if the
macsec is removed everything is UP.
Anyone has already tried and can provide any hint/example config ?
Thanks in advance, cheers,
James
More information about the cisco-nsp
mailing list