[j-nsp] MX204 MACsec

Richard McGovern rmcgovern at juniper.net
Wed Nov 27 10:14:08 EST 2019


I am fairly certain the original link that Graham posted - https://apps.juniper.net/feature-explorer/parent-feature-info.html?pFName=Media%20Access%20Control%20Security%20(MACsec)  - where it shows that the MX204 has support for Unicast MAC DA for MACsec is inaccurate.  One would first need MACsec support to support this extra feature, and the MX204 does NOT have MACsec [HW] support, as Roger pointed out.

I will try to get this inaccuracy corrected.

Just FYI, Rich

Richard McGovern
Sr Sales Engineer, Juniper Networks 
978-618-3342
 
I’d rather be lucky than good, as I know I am not good
I don’t make the news, I just report it
 

On 11/26/19, 7:12 PM, "Mohammad Khalil" <eng.mssk at gmail.com> wrote:

    Thank you very much.
    
    On Tue, 26 Nov 2019 at 22:33, Roger Wiklund <roger.wiklund at gmail.com> wrote:
    
    > Here you go
    >
    >
    > https://www.juniper.net/documentation/en_US/junos/topics/topic-map/understanding_media_access_control_security_qfx_ex.html#jd0e108
    >
    >
    > On Tue, Nov 26, 2019 at 9:29 PM Mohammad Khalil <eng.mssk at gmail.com>
    > wrote:
    >
    >> Thanks Roger for the kind feedback.
    >> Is there any HW related documentation I can use for this?
    >>
    >> On Tue, 26 Nov 2019 at 22:28, Roger Wiklund <roger.wiklund at gmail.com>
    >> wrote:
    >>
    >>> Hi
    >>>
    >>> MX204 does not support MACsec, it lacks the hardware for it.
    >>>
    >>>
    >>>
    >>> On Tue, Nov 26, 2019 at 9:04 PM Mohammad Khalil <eng.mssk at gmail.com>
    >>> wrote:
    >>>
    >>>> Thanks Graham for the kind reply.
    >>>> But in general that means MACsec standard 802.1ae is not support on
    >>>> MX204
    >>>> ports?
    >>>>
    >>>> Thanks again
    >>>>
    >>>> On Tue, 26 Nov 2019 at 21:44, Graham Brown <
    >>>> juniper-nsp at grahambrown.info>
    >>>> wrote:
    >>>>
    >>>> > Hi Mohammad,
    >>>> >
    >>>> > The following link displays specific elements pertaining to MACSec
    >>>> support
    >>>> > on various Juniper platforms, MX204 included:
    >>>> >
    >>>> https://apps.juniper.net/feature-explorer/parent-feature-info.html?pFName=Media%20Access%20Control%20Security%20(MACsec)
    >>>> >
    >>>> >
    >>>> > Review the link and ask the customer for clarification on what they
    >>>> > require to be supported from the equipment. Depending on what the
    >>>> > requirements are, the MX204 may be able to secure the L2 elements for
    >>>> your
    >>>> > customer.
    >>>> >
    >>>> > HTH,
    >>>> > Graham
    >>>> >
    >>>> > Graham Brown
    >>>> > Twitter - @mountainrescuer <https://urldefense.com/v3/__https://twitter.com/*!/mountainrescuer__;Iw!8WoA6RjC81c!UHGI_Mb1oXZlTiCFR8_FUyBeKvhoVEZvYb4AHYnNKMQe2Q7-4YA9vOgO1s83R0MiLA$ >
    >>>> > LinkedIn <https://urldefense.com/v3/__http://www.linkedin.com/in/grahamcbrown__;!8WoA6RjC81c!UHGI_Mb1oXZlTiCFR8_FUyBeKvhoVEZvYb4AHYnNKMQe2Q7-4YA9vOgO1s8q9zu26w$ >
    >>>> >
    >>>> >
    >>>> > On Wed, 27 Nov 2019 at 08:39, Mohammad Khalil <eng.mssk at gmail.com>
    >>>> wrote:
    >>>> >
    >>>> >> Dears
    >>>> >> I am working with a customer and MX204 is in play.
    >>>> >> The customer concern is MACsec feature support , I have read around
    >>>> >> that MX204 doesn’t Support a real MACSEC, but offers unicast MAC DA
    >>>> for
    >>>> >> MACsec and MACsec with fallback PSK are which related to allow
    >>>> exchanging
    >>>> >> and establishing Macsec connections.
    >>>> >> So frankly MX204 does not support MACsec or am I missing something?
    >>>> >>
    >>>> >> Thanks
    >>>> >> _______________________________________________
    >>>> >> juniper-nsp mailing list juniper-nsp at puck.nether.net
    >>>> >> https://urldefense.com/v3/__https://puck.nether.net/mailman/listinfo/juniper-nsp__;!8WoA6RjC81c!UHGI_Mb1oXZlTiCFR8_FUyBeKvhoVEZvYb4AHYnNKMQe2Q7-4YA9vOgO1s-Bo4W0CQ$ 
    >>>> >>
    >>>> >
    >>>> _______________________________________________
    >>>> juniper-nsp mailing list juniper-nsp at puck.nether.net
    >>>> https://urldefense.com/v3/__https://puck.nether.net/mailman/listinfo/juniper-nsp__;!8WoA6RjC81c!UHGI_Mb1oXZlTiCFR8_FUyBeKvhoVEZvYb4AHYnNKMQe2Q7-4YA9vOgO1s-Bo4W0CQ$ 
    >>>>
    >>>
    
    



More information about the juniper-nsp mailing list