[j-nsp] MX204 MACsec
Richard McGovern
rmcgovern at juniper.net
Wed Nov 27 11:52:18 EST 2019
So it looks SW allows for the commands, as other MX products do have MACsec support. I am 99.999% sure these commands will do nothing but make your config file larger.
Thanks for the input. Rich
Richard McGovern
Sr Sales Engineer, Juniper Networks
978-618-3342
I’d rather be lucky than good, as I know I am not good
I don’t make the news, I just report it
On 11/27/19, 11:50 AM, "Aaron Gould" <aaron1 at gvtc.com> wrote:
Not knowing much about this, but going from this site's guidance ( I stopped halfway down the page ) , https://www.juniper.net/documentation/en_US/junos/topics/task/configuration/macsec-configuring-mx-series.html
...i did the following...
[edit]
me at site2-204-3# show | compare
[edit]
+ security {
+ macsec {
+ connectivity-association my-ca1 {
+ security-mode static-cak;
+ mka {
+ transmit-interval 6000;
+ key-server-priority 0;
+ }
+ replay-protect {
+ replay-window-size 5;
+ }
+ offset 30;
+ pre-shared-key {
+ ckn 37c9c2c45ddd012aa5bc8ef284aa23ff6729ee2e4acb66e91fe34ba2cd9fe311;
+ cak "$9$9Zp0tBIhSrlM8n/0IhcleaZGD.P5T36/tPfIESr8LVwY4UjfTzn9AF3A0BIrlaZGjmfFn/CA0JGjqP5F3evM8X-oJGDHqLx"; ## SECRET-DATA
+ }
+ exclude-protocol lldp;
+ }
+ interfaces {
+ xe-0/1/0 {
+ connectivity-association my-ca1;
+ }
+ }
+ }
+ }
[edit]
me at site2-204-3# commit check
configuration check succeeds
[edit]
me at site2-204-3#
- Aaron
More information about the juniper-nsp
mailing list