include-sci
Syntax
include-sci;
Hierarchy Level
[edit security macsec connectivity-association connectivity-association-name]
Description
Specifies that the SCI tag should be appended to each packet on a link that has enabled MACsec.
You must enable SCI tagging on a switch that is enabling MACsec on an Ethernet link connecting to an EX4300 or EX4600 switch.
SCI tags are automatically appended to packets leaving a MACsec-enabled interface on EX4300 or EX4600 switches, so this option is not available on these switches.
You should only use this option when connecting a switch to an EX4300 or EX4600 switch, or to a host device that requires SCI tagging. SCI tags are eight octets long, so appending an SCI tag to all traffic on the link adds a significant amount of unneeded overhead.
Default
SCI tagging is enabled by default on SRX Series Firewalls, EX4300 and EX4600 switches that have enabled MACsec using static connectivity association key (CAK) security mode.
SCI tagging is disabled on all other interfaces, by default.
Required Privilege Level
admin—To view this statement in the configuration.
admin-control—To add this statement to the configuration.
Release Information
Statement introduced in Junos OS Release 13.2X50-D15.
Statement introduced for SRX Series Firewalls in Junos OS Release 15.1X49-D60.