Supported Platforms
no-encryption
Syntax
Hierarchy Level
Release Information
Statement introduced in Junos OS Release 13.2X50-D15.
Description
Disables MACsec encryption for a connectivity association that is configured to enable MACsec using static connectivity association key (CAK) security mode.
You can enable MACsec without enabling encryption. If a connectivity association that has not enabled MACsec encryption is associated with an interface, traffic is forwarded across the Ethernet link in clear text. You are, therefore, able to view this unencrypted traffic when you are monitoring the link. The MACsec header is still applied to the packet, however, and all MACsec data integrity checks are run on both ends of the link to ensure the traffic does not represent a security threat.
This command is used to disable encryption when MACsec is configured using static CAK security mode only. When MACsec is configuring using static secure association key (SAK) security mode, the encryption setting is managed in the secure channel using the encryption configuration statement.
Default
MACsec encryption is enabled if MACsec is enabled using static CAK security mode.
Required Privilege Level
admin—To view this statement in the configuration.
admin-control—To add this statement to the configuration.
