mka
Syntax
mka {
must-secure;
key-server-priority priority-number;
transmit-interval interval;
}
Syntax (SRX Series Firewalls)
mka {
bounded-delay;
disable-icv-indicator;
eapol-address(lldp-multicast | pae | provider-bridge | unicast-address);
key-server-priority key-server-priority;
sak-rekey-interval <varname>seconds</varname>;
should-secure;
suspend-for;
suspend-on-request;
transmit-interval milliseconds;
}
Hierarchy Level
[edit security macsec connectivity-association connectivity-association-name]
Description
Specify parameters for the MACsec Key Agreement (MKA) protocol. You initially establish a MACsec-secured link using a pre-shared key when you are using static CAK security mode to enable MACsec. Once matching pre-shared keys are successfully exchanged, the MACsec Key Agreement (MKA) protocol is enabled. The MKA protocol is responsible for maintaining MACsec on the link, and decides which switch on the point-to-point link becomes the key server. The key server then creates an SAK that is shared with the switch at the other end of the point-to-point link only, and that SAK is used to secure all data traffic traversing the link.
Options
The remaining statements are explained separately.
Required Privilege Level
admin—To view this statement in the configuration.
admin-control—To add this statement to the configuration.
Release Information
Statement introduced in Junos OS Release 13.2X50-D15.
Statement introduced for SRX Series Firewalls in Junos OS Release 15.1X49-D60.