Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

cak

Syntax

Hierarchy Level

Description

Specifies the connectivity association key (CAK) for a preshared key.

A preshared key includes a connectivity association key name (CKN) and a CAK. A preshared key is exchanged between two devices at each end of a point-to-point link to enable MACsec using dynamic security keys. The CKN is a 64-digit hexadecimal number and the CAK is a 32-digit hexadecimal number. The MACsec Key Agreement (MKA) protocol is enabled once the preshared keys are successfully exchanged. The preshared key—the CKN and CAK—must match on both ends of a link.

To configure MACsec on the supported ports, you need to create the preshared key by configuring the connectivity association key name (CKN) and connectivity association key (CAK).

Default

No CAK exists, by default.

Options

hexadecimal-number

The key name, in hexadecimal format.

For AES-128 the CAK key length is 32 hexadecimal characters, and for AES-256 it is 64. If you enter a key name with fewer characters than the standard (32 for cipher-suite gcm-aes-128, and 64 for cipher-suite gcm-aes-256), Junos will automatically fill in the remaining characters with zeros.

Required Privilege Level

admin—To view this statement in the configuration.

admin-control—To add this statement to the configuration.

Release Information

Statement introduced in Junos OS Release 13.2X50-D15.

Statement introduced for SRX devices in Junos OS Release 15.1X49-D60.