Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
ON THIS PAGE
 

fallback-key

Syntax

Hierarchy Level

Description

Specifies the fallback preshared key (PSK) to be used to enable MACsec using static connectivity association key (CAK) security mode. You can configure a fallback PSK to prevent traffic loss in case the primary PSK fails to establish a connection.

When you enable MACsec using static CAK security mode, a preshared PSK is exchanged between the devices on each end of the point-to-point Ethernet link. The PSK is includes a connectivity association name (CKN) and a connectivity association key (CAK). The PSK must match across devices for a MACsec session to be established. If there is a mismatch, the session will not be established and all packets will be dropped. The fallback PSK is used when the primary PSK does not match for the initial MACsec negotiation.

Default

Fallback PSK is not enabled by default.

Options

The remaining statements are explained separately.

Required Privilege Level

admin—To view this statement in the configuration.

admin-control—To add this statement to the configuration.

Release Information

Statement introduced in Junos OS Release 19.2R1.

Related Documentation