[j-nsp] [EXT] Re: MX204 MACsec
Anderson, Charles R
cra at wpi.edu
Wed Nov 27 14:28:30 EST 2019
Interesting. I wonder if this falls under "This is implemented, but not supported by JTAC." You'd have to actually try it to see...
On Wed, Nov 27, 2019 at 01:18:29PM -0600, Aaron Gould wrote:
> [edit]
> me at site2-204-3# show | compare
> [edit]
> + security {
> + macsec {
> + connectivity-association my-ca1 {
> + security-mode static-cak;
> + mka {
> + transmit-interval 6000;
> + key-server-priority 0;
> + }
> + replay-protect {
> + replay-window-size 5;
> + }
> + offset 30;
> + pre-shared-key {
> + ckn (i removed);
> + cak "(i removed)"; ## SECRET-DATA
> + }
> + exclude-protocol lldp;
> + }
> + interfaces {
> + xe-0/1/0 {
> + connectivity-association my-ca1;
> + }
> + }
> + }
> + }
>
> [edit]
> me at site2-204-3# commit check
> configuration check succeeds
>
> [edit]
> me at site2-204-3# show security
> macsec {
> connectivity-association my-ca1 {
> security-mode static-cak;
> mka {
> transmit-interval 6000;
> key-server-priority 0;
> }
> replay-protect {
> replay-window-size 5;
> }
> offset 30;
> pre-shared-key {
> ckn (i removed);
> cak "(i removed)"; ## SECRET-DATA
> }
> exclude-protocol lldp;
> }
> interfaces {
> xe-0/1/0 {
> connectivity-association my-ca1;
> }
> }
> }
>
> [edit]
> me at site2-204-3#
>
>
>
> - Aaron
More information about the juniper-nsp
mailing list