cak (MX Series)
Syntax
cak hexadecimal-number;
Hierarchy Level
[edit security macsec connectivity-association connectivity-association-name pre-shared-key]
Description
Specifies the connectivity association key (CAK) for a pre-shared key.
A pre-shared key includes a connectivity association key name (CKN) and a CAK. A pre-shared key is exchanged between two devices at each end of a point-to-point link to enable MACsec using dynamic security keys. The MACsec Key Agreement (MKA) protocol is enabled once the pre-shared keys are successfully exchanged. The pre-shared key—the CKN and CAK—must match on both ends of a link
Default
No CAK exists, by default.
Options
hexadecimal-number | The key name, in hexadecimal format. For AES-128 the CAK key length is 32 hexadecimal characters, and for AES-256 it is 64. If you enter a key name with fewer characters than the standard (32 for cipher-suite gcm-aes-128, and 64 for cipher-suite gcm-aes-256), Junos will automatically fill in the remaining characters with zeros. On MX10003 routers, to maximize the security, it is recommended to configure CAK of even length. If you configure the length of CAK to an odd value, you'll receive a warning message. |
Required Privilege Level
admin—To view this statement in the configuration.
admin-control—To add this statement to the configuration.
Release Information
Statement introduced in Junos OS Release 15.1.