connectivity-association
Syntax
connectivity-association connectivity-association-name {
cipher-suite (MACsec) encryption-algorithm-name;
exclude-protocol protocol-name;
fallback-key {
cak hexadecimal-number;
ckn hexadecimal-number;
}
include-sci;
mka {
must-secure;
key-server-priority priority-number;
transmit-interval interval;
}
no-encryption;
offset (0|30|50);
pre-shared-key {
cak hexadecimal-number;
ckn hexadecimal-number;
}
replay-protect{
replay-window-size number-of-packets;
}
secure-channel secure-channel-name {
direction (inbound | outbound);
encryption (MACsec);
id {
mac-address mac-address;
port-id port-id-number;
}
offset (0|30|50);
security-association security-association-number {
key key-string;
}
}
security-mode security-mode;
}
Syntax (SRX Series Firewalls)
connectivity-association connectivity-association-name;
exclude-protocol protocol-name;
include-sci;
mka {
must-secure;
key-server-priority priority-number;
transmit-interval interval;
}
no-encryption;
offset (0|30|50);
pre-shared-key {
cak hexadecimal-number;
ckn hexadecimal-number;
}
replay-protect{
replay-window-size number-of-packets;
}
security-mode security-mode;
}
Hierarchy Level
[edit security macsec]
Description
Create or configure a MACsec connectivity association.
A connectivity association is not applying MACsec to traffic until it is associated with an interface. MACsec connectivity associations are associated with interfaces using the interfaces statement in the [edit security macsec] hierarchy.
Default
No connectivity associations are present, by default.
Options
The remaining statements are explained separately.
Required Privilege Level
admin—To view this statement in the configuration.
admin-control—To add this statement to the configuration.
Release Information
Statement introduced in Junos OS Release 13.2X50-D15.
Statement introduced on SRX Series Firewalls in Junos OS Release 15.1X49-D60.