[j-nsp] [EXT] Re: MX204 MACsec

Anderson, Charles R cra at wpi.edu
Wed Nov 27 14:28:30 EST 2019


Interesting.  I wonder if this falls under "This is implemented, but not supported by JTAC."  You'd have to actually try it to see...

On Wed, Nov 27, 2019 at 01:18:29PM -0600, Aaron Gould wrote:
> [edit]
> me at site2-204-3# show | compare
> [edit]
> +  security {
> +      macsec {
> +          connectivity-association my-ca1 {
> +              security-mode static-cak;
> +              mka {
> +                  transmit-interval 6000;
> +                  key-server-priority 0;
> +              }
> +              replay-protect {
> +                  replay-window-size 5;
> +              }
> +              offset 30;
> +              pre-shared-key {
> +                  ckn (i removed);
> +                  cak "(i removed)"; ## SECRET-DATA
> +              }
> +              exclude-protocol lldp;
> +          }
> +          interfaces {
> +              xe-0/1/0 {
> +                  connectivity-association my-ca1;
> +              }
> +          }
> +      }
> +  }
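
Review bot: `offset 30;` under connectivity-association my-ca1 leaves the first 30 octets of each frame unencrypted, so header fields of traffic on xe-0/1/0 stay readable on the wire even with MACsec enabled. Unless something on the path needs to see those headers, remove the statement or use `offset 0;` so the whole payload is encrypted. The same question applies to `exclude-protocol lldp;`, which sends LLDP outside MACsec protection: confirm that exposing LLDP neighbour information on this link is intended.
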
> 
> [edit]
> me at site2-204-3# commit check
> configuration check succeeds
> 
> [edit]
> me at site2-204-3# show security
> macsec {
>     connectivity-association my-ca1 {
>         security-mode static-cak;
>         mka {
>             transmit-interval 6000;
>             key-server-priority 0;
>         }
>         replay-protect {
>             replay-window-size 5;
>         }
>         offset 30;
>         pre-shared-key {
>             ckn (i removed);
>             cak "(i removed)"; ## SECRET-DATA
>         }
>         exclude-protocol lldp;
>     }
>     interfaces {
>         xe-0/1/0 {
>             connectivity-association my-ca1;
>         }
>     }
> }
> 
> [edit]
> me at site2-204-3#
> 
> 
> 
> - Aaron

