[j-nsp] [EXT] Re: MX204 MACsec
Richard McGovern
rmcgovern at juniper.net
Mon Dec 9 06:37:15 EST 2019
This appears to be a SW issue, as MX204 does NOT have any MACsec support. As Chuck said, SW sure error in some manner, like non-supported platform etc. Even though the config is allowed, nothing will happen in terms of MACsec - no HW support.
Rich
Richard McGovern
Sr Sales Engineer, Juniper Networks
978-618-3342
I’d rather be lucky than good, as I know I am not good
I don’t make the news, I just report it
On 11/27/19, 2:28 PM, "Anderson, Charles R" <cra at wpi.edu> wrote:
Interesting. I wonder if this falls under "This is implemented, but not supported by JTAC." You'd have to actually try it to see...
On Wed, Nov 27, 2019 at 01:18:29PM -0600, Aaron Gould wrote:
> [edit]
> me at site2-204-3# show | compare
> [edit]
> + security {
> + macsec {
> + connectivity-association my-ca1 {
> + security-mode static-cak;
> + mka {
> + transmit-interval 6000;
> + key-server-priority 0;
> + }
> + replay-protect {
> + replay-window-size 5;
> + }
> + offset 30;
> + pre-shared-key {
> + ckn (i removed);
> + cak "(i removed)"; ## SECRET-DATA
> + }
> + exclude-protocol lldp;
> + }
> + interfaces {
> + xe-0/1/0 {
> + connectivity-association my-ca1;
> + }
> + }
> + }
> + }
>
> [edit]
> me at site2-204-3# commit check
> configuration check succeeds
>
> [edit]
> me at site2-204-3# show security
> macsec {
> connectivity-association my-ca1 {
> security-mode static-cak;
> mka {
> transmit-interval 6000;
> key-server-priority 0;
> }
> replay-protect {
> replay-window-size 5;
> }
> offset 30;
> pre-shared-key {
> ckn (i removed);
> cak "(i removed)"; ## SECRET-DATA
> }
> exclude-protocol lldp;
> }
> interfaces {
> xe-0/1/0 {
> connectivity-association my-ca1;
> }
> }
> }
>
> [edit]
> me at site2-204-3#
>
>
>
> - Aaron
More information about the juniper-nsp
mailing list