Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
ON THIS PAGE
 

eapol-address (MACSec)

Syntax

Hierarchy Level

Description

Configure an EAPoL destination MAC address. The eapol-address pae is the default configuration.

To establish a MACsec session, MACsec Key Agreement PDUs (MKPDUs) are sent or received between nodes. These PDUs are Extensible Authentication Protocol over LAN (EAPoL) packets and, by default, their destination MAC address is the EAPoL multicast address 01:80:C2:00:00:03.

If the nodes are connected through a provider network, the multicast packets might be consumed or dropped, depending on their configuration. To overcome this issue, you can configure the destination MAC address. The configuration must match on both peer nodes to establish the MACsec session.

Note:

  • The pae, provider-bridge, and lldp-multicast options are multicast addresses. You can configure a unicast address using the destination option.

  • It is assumed that the adjacency between both the nodes is guaranteed by the provider network. The MKPDUs are not VLAN-tagged and include multicast address as their destination address. It is also also assumed that the provider network has a configuration to transfer the untagged MKPDUs to the destination node.

Default

Port Access Entity (PAE) group address (01:80:C2:00:00:03).

Options

pae

The Port Access Entity option is mapped to MAC address 01:80:C2:00:00:03. Do not use if 802.1X authentication is configured on the provider network.

provider-bridge

The provider bridge option is mapped to MAC address 01:80:C2:00:00:00. Do not use if STP/RSTP/MSTP protocols are configured on the provider network.
lldp-multicast

The Link Level Discovery Protocol multicast option is mapped to MAC address 01:80:C2:00:00:0E. Do not use if LLDP is configured on the provider network.
destination unicast-address

The unicast address option is a configurable MAC address.

Required Privilege Level

admin—To view this statement in the configuration.

admin-control—To add this statement to the configuration.

Release Information

Statement introduced in Junos OS Release 18.2R1.

Option for destination unicast address introduced in Junos OS Release 19.3R1 for MX Series routers.

Related Documentation