disable-preceding-key
Syntax
disable-preceding-key;
Hierarchy Level
[edit security macsec connectivity-association connectivity-association-name]
Description
Disable the preceding pre-shared key (PSK) so that the fallback PSK is used to establish a MACsec connection during a pre-shared-key change event.
When you enable MACsec using static CAK security mode, a PSK is exchanged between the devices on each end of the point-to-point Ethernet link. The PSK must match across devices for a MACsec session to be established. If the primary PSK is changed on one device but not the other, the mismatch is resolved by using the older primary PSK. This is a temporary key known as the preceding PSK, and is not configurable.
If a fallback PSK is configured, it will not take effect if the MACsec session is live with the preceding PSK. You can configure the disable-preceding-key statement so that the session immediately switches to using the fallback PSK if there is a change to the primary PSK.
Default
By default, the preceding PSK takes priority over the fallback PSK. Configure the disable-preceding-key statement to override this behavior.
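The statement in context, as an added example that is not part of the original page: a static-CAK connectivity association with a primary PSK, a fallback PSK, and disable-preceding-key. The association name ca1, the interface xe-0/0/1, and the key placeholders in angle brackets are assumptions.

```junos
# Constructed example: ca1, xe-0/0/1 and the <...> key values are placeholders.

# Static CAK security mode with the primary PSK (CKN and CAK as hex strings).
set security macsec connectivity-association ca1 security-mode static-cak
set security macsec connectivity-association ca1 pre-shared-key ckn <primary-ckn-hex>
set security macsec connectivity-association ca1 pre-shared-key cak <primary-cak-hex>

# Fallback PSK. Like the primary PSK, it must match on the peer device.
set security macsec connectivity-association ca1 fallback-key ckn <fallback-ckn-hex>
set security macsec connectivity-association ca1 fallback-key cak <fallback-cak-hex>

# Default behavior: after a primary PSK change on one side only, the session
# stays on the preceding PSK and the fallback PSK is not used.
# With this statement, the session switches to the fallback PSK instead.
set security macsec connectivity-association ca1 disable-preceding-key

# Bind the connectivity association to the point-to-point Ethernet interface.
set security macsec interfaces xe-0/0/1 connectivity-association ca1
```

After a primary PSK change, compare the CKN reported by `show security mka sessions` with the configured values to confirm which key the session is running on.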
Required Privilege Level
admin—To view this statement in the configuration.
admin-control—To add this statement to the configuration.
Release Information
Statement introduced in Junos OS Release 19.2R1.