Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

ckn

Syntax

Hierarchy Level

Description

Specifies the connectivity association key name (CKN) for a preshared key.

A preshared key includes a CKN and a connectivity association key (CAK). A preshared key is exchanged between two devices at each end of a point-to-point link to enable MACsec using dynamic security keys. The CKN is a 64-digit hexadecimal number and the CAK is a 32-digit hexadecimal number. The MACsec Key Agreement (MKA) protocol is enabled once the preshared keys are successfully exchanged. The preshared key—the CKN and CAK—must match on both ends of a link.

To configure MACsec on supported ports, you need to create the preshared key by configuring the connectivity association key name (CKN) and connectivity association key (CAK).

Default

No CKN exists, by default.

Options

hexadecimal-number

The key name, in hexadecimal format.

The key name is 64 hexadecimal characters in length. To maximize security, we recommend configuring all 64 digits of a CKN. If you enter a key name that is less then 64 characters long, the remaining characters are set to 0. However, you will receive a warning message when you commit the configuration.

On SRX devices, the key name is 32 hexadecimal characters in length. If you enter a key name that is less than 32 characters long, the remaining characters are set to 0.

Required Privilege Level

admin—To view this statement in the configuration.

admin-control—To add this statement to the configuration.

Release Information

Statement introduced in Junos OS Release 13.2X50-D15.

Statement introduced on SRX devices in Junos OS Release 15.1X49-D60.