key (MACsec)
Syntax
key key-string;
Hierarchy Level
[edit security macsec connectivity-association connectivity-association-name secure-channel secure-channel-name security-association security-association-number]
Description
Specifies the static security key to exchange to enable MACsec using static secure association key (SAK) security mode.
The key string is a 32-digit hexadecimal number. The key string and the security association must match on both sides of an Ethernet connection to secure traffic using MACsec when enabling MACsec using SAK security mode.
You must configure at least two security associations with unique security association numbers and key strings to enable MACsec using static SAK security mode. MACsec initially establishes a secure connection when a security association number and key match on both ends of an Ethernet link. After a certain number of Ethernet frames are securely transmitted across the Ethernet link, MACsec automatically rotates to a new security association with a new security association number and key to maintain the secured Ethernet link. This rotation continues each time a certain number of Ethernet frames are securely transmitted across the secured Ethernet link, so you must always configure MACsec to have at least two security associations.
Default
This statement does not have a default value.
Options
key-string | Specifies the key to exchange with the other end of the link on the secure channel. The key-string is a 32-digit hexadecimal string that is created by the user. |
Required Privilege Level
admin—To view this statement in the configuration.
admin-control—To add this statement to the configuration.
Release Information
Statement introduced in Junos OS Release 13.2X50-D15.