cak
Syntax
ckn hexadecimal-number;
Hierarchy Level
[edit security macsec connectivity-association connectivity-association-name pre-shared-key], [edit security macsec connectivity-association connectivity-association-name fallback-key]
Description
Specifies the connectivity association key (CAK) for a preshared key.
A preshared key includes a connectivity association key name (CKN) and a CAK. A preshared key is exchanged between two devices at each end of a point-to-point link to enable MACsec using dynamic security keys. The CKN is a 64-digit hexadecimal number and the CAK is a 32-digit hexadecimal number. The MACsec Key Agreement (MKA) protocol is enabled once the preshared keys are successfully exchanged. The preshared key—the CKN and CAK—must match on both ends of a link.
To configure MACsec on the supported ports, you need to create the preshared key by configuring the connectivity association key name (CKN) and connectivity association key (CAK).
Default
No CAK exists, by default.
Options
hexadecimal-number | The key name, in hexadecimal format. For AES-128 the CAK key length is 32 hexadecimal characters, and for AES-256 it is 64. If you enter a key name with fewer characters than the standard (32 for cipher-suite gcm-aes-128, and 64 for cipher-suite gcm-aes-256), Junos will automatically fill in the remaining characters with zeros. |
Required Privilege Level
admin—To view this statement in the configuration.
admin-control—To add this statement to the configuration.
Release Information
Statement introduced in Junos OS Release 13.2X50-D15.
Statement introduced for SRX devices in Junos OS Release 15.1X49-D60.