Supported Platforms

[edit security] Configuration Statement Hierarchy on EX Series Switches

This topic lists supported and unsupported configuration statements in the [edit security] hierarchy level on EX Series switches.

  • Supported statements are those that you can use to configure some aspect of a software feature on the switch.
  • Unsupported statements are those that appear in the command-line interface (CLI) on the switch, but that have no effect on switch operation if you configure them.
  • Not all features are supported on all switch platforms. For detailed information about feature support on specific EX Series switch platforms, see EX Series Switch Software Features Overview.

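This topic lists:

  • Supported Statements in the [edit security] Hierarchy Level
  • Unsupported Statements in the [edit security] Hierarchy Level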

Supported Statements in the [edit security] Hierarchy Level

The following hierarchy shows the [edit security] configuration statements supported on EX Series switches:

security {
    alarms {
        potential-violation {
            authentication failures;
            cryptographic-self-test;
            key-generation-self-test;
            non-cryptographic-self-test;
            policy number per (minute | second);
            replay-attacks {
                threshold value;
            }
            security-log-percent-full;
        }
    }
    certificates {
        cache-size bytes;
        cache-timeout-negative seconds;
        certification-authority ca-profile-name {
            ca-name certificate-authority-name;
            crl filename;
            encoding (binary | pem);
            enrollment-url url;
            file certificate-filename;
            ldap-url url-name;
        }
        enrollment-retry number;
        local certificate-name {
            certificate-key-string;
            load-key-file URL-or-path;
        }
        maximum-certificates number;
        path-length bytes;
    }
    ipsec {
        security-association sa-name {
            description text-description;
            manual {
                direction (bidirectional | inbound | outbound) {
                }
                mode (transport | tunnel);
            }
        }
    }
    log {
        cache {
            exclude name {
                destination-address;
                destination-port;
                event-id;
                failure;
                interface-name;
                policy-name;
                process;
                source-address;
                source-port;
                success;
                username;
            }
            limit number;
        }
    }
    macsec {
        connectivity-association connectivity-association-name {
            exclude-protocol protocol-name;
            include-sci;
            mka {
                key-server-priority priority-number;
                transmit-interval interval;
            }
            no-encryption;
            offset (0|30|50);
            pre-shared-key {
                cak hexadecimal-number;
                ckn hexadecimal-number;
            }
            replay-protect {
                replay-window-size number-of-packets;
            }
            secure-channel secure-channel-name {
                direction (inbound | outbound);
                encryption;
                id {
                    mac-address mac-address;
                    port-id port-id-number;
                }
                offset (0|30|50);
                security-association security-association-number {
                    key key-string;
                }
            }
            security-mode security-mode;
        }
        interfaces interface-name {
            connectivity-association connectivity-association-name;
        }
    }
    pki {
        auto-re-enrollment {
            certificate-id certificate-id {
                ca-profile-name profile-name;
                challenge-password password;
                re-enroll-trigger-time-percentage percentage;
                re-generate-keypair;
            }
        }
        traceoptions {
            file <filename> <files number> <match regular-expression> <size maximum-file-size> <world-readable | no-world-readable>;
            flag flag;
        }
    }
    ssh-known-hosts {
        fetch-from-server (hostname | address);
        host (hostname | address) {
            dsa-key key;
            ecdsa-sha2-nistp256-key key;
            ecdsa-sha2-nistp384-key key;
            ecdsa-sha2-nistp521-key key;
            rsa-key key;
            rsa1-key key;
        }
        load-key-file filename;
    }
    traceoptions {
        file <filename> <files number> <match regular-expression> <size maximum-file-size> <world-readable | no-world-readable>;
        flag flag;
        level level;
        no-remote-trace;
        rate-limit rate;
    }
}

Unsupported Statements in the [edit security] Hierarchy Level

All statements in the [edit security] hierarchy level that are displayed in the command-line interface (CLI) on the switch are supported on the switch and operate as documented with the following exceptions:

Table 1: Unsupported [edit security] Configuration Statements on EX Series Switches

Statement     Hierarchy
audible       [edit security alarms]
continuous    [edit security alarms audible]

Note: Variables, such as filename, are not shown in the statements or hierarchies.

Published: 2014-04-23
