Supported Platforms

security-mode

Syntax

security-mode security-mode;

Hierarchy Level

[edit security macsec connectivity-association connectivity-association-name]

Release Information

Statement introduced in Junos OS Release 13.2X50-D15.

Description

Configure the MACsec security mode for the connectivity association.

We recommend enabling MACsec using static connectivity association key (CAK) security mode. Static CAK security mode ensures security by frequently refreshing to a new random secure association key (SAK) and by sharing the SAK only between the two devices on the MACsec-secured point-to-point link. Additionally, some optional MACsec features (replay protection, SCI tagging, and the ability to exclude traffic from MACsec) are available only when you enable MACsec using static CAK security mode.

Options

security-mode

Specifies the MACsec security mode. Options include:

  • static-cak—Static connectivity association key (CAK) mode.

    In static-cak mode, the switch at one end of the point-to-point link acts as the key server and regularly transmits a randomized key using a process that does not transmit any traffic outside of the MACsec-secured point-to-point link.

  • static-sak—Static secure association key (SAK) mode.

    In static-sak mode, one of two user-configured security keys is used to secure the point-to-point link. The two security keys are regularly rotated.
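The mode recommendation and feature restrictions described above can be checked across exported configurations. The following audit script is an added example, not Juniper code: it reads `display set` style output and reports connectivity associations that use static-sak, have no security mode, or configure a static-CAK-only feature in another mode. The feature statement names (`replay-protect`, `include-sci`, `exclude-protocol`) come from the Junos CLI rather than this page, and the sample configuration is constructed.

```python
import re
from collections import defaultdict

# Statement names for the optional features that need static-cak mode.
# Assumption: these names are taken from the Junos CLI, not from this page.
CAK_ONLY = {"replay-protect", "include-sci", "exclude-protocol"}
CA_LINE = re.compile(
    r"^set security macsec connectivity-association (\S+) (\S+)(?: (.*))?$")

# Constructed sample input; association and interface names are hypothetical.
SAMPLE = """\
set security macsec connectivity-association ca-core security-mode static-cak
set security macsec connectivity-association ca-core replay-protect replay-window-size 5
set security macsec connectivity-association ca-core include-sci
set security macsec connectivity-association ca-edge security-mode static-sak
set security macsec connectivity-association ca-edge exclude-protocol lldp
set security macsec connectivity-association ca-lab include-sci
set security macsec interfaces xe-0/1/0 connectivity-association ca-core
"""

def audit_macsec(config_text):
    """Return {ca_name: [finding, ...]} for a 'display set' style configuration."""
    modes, features = {}, defaultdict(set)
    for raw in config_text.splitlines():
        m = CA_LINE.match(raw.strip())
        if not m:
            continue  # not a connectivity-association statement
        ca, stmt, rest = m.group(1), m.group(2), (m.group(3) or "")
        if stmt == "security-mode":
            modes[ca] = rest.strip()
        elif stmt in CAK_ONLY:
            features[ca].add(stmt)
        else:
            modes.setdefault(ca, None)  # association exists, mode not seen yet
    findings = {}
    for ca in sorted(set(modes) | set(features)):
        mode, notes = modes.get(ca), []
        if mode is None:
            notes.append("no security-mode configured")
        elif mode == "static-sak":
            notes.append("static-sak in use; static-cak is the recommended mode")
        elif mode != "static-cak":
            notes.append("unknown security-mode '%s'" % mode)
        if mode != "static-cak":
            for feat in sorted(features[ca]):
                notes.append("%s requires static-cak mode" % feat)
        if notes:
            findings[ca] = notes
    return findings
```

Calling `audit_macsec(SAMPLE)` returns findings for `ca-edge` and `ca-lab` only; `ca-core` passes because its optional features are paired with static-cak mode.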

Required Privilege Level

admin—To view this statement in the configuration.

admin-control—To add this statement to the configuration.

Published: 2014-04-24
