- play_arrow Working With Network Director
- play_arrow About Network Director
- play_arrow Installing Network Director
- play_arrow Accessing Network Director
- play_arrow Understanding Network Director System Administration and Preferences
- play_arrow Getting Started with Network Director
-
- play_arrow Working with the Dashboard
- play_arrow About the Dashboard
- play_arrow Using the Dashboard
- play_arrow Dashboard Widget Reference
-
- play_arrow Working in Deploy Mode
- play_arrow About Deploy Mode
- play_arrow Deploying and Managing Device Configurations
- Deploying Configuration to Devices
- Managing Configuration Deployment Jobs
- Deploy Configuration Window
- Importing Configuration Data from Junos OS Configuration Groups
- Enabling High-Frequency Traffic Statistics Monitoring on Devices
- Configuring Network Traffic Analysis
- Approving Change Requests
- Enabling SNMP Categories and Setting Trap Destinations
- Understanding Resynchronization of Device Configuration
- Resynchronizing Device Configuration
- Managing Device Configuration Files
- Creating and Managing Baseline of Device Configuration Files
- play_arrow Deploying and Managing Software Images
- play_arrow Managing Devices
- play_arrow Setting Up Zero Touch Provisioning for Devices
-
- play_arrow Monitoring Devices and Traffic
- play_arrow About Monitor Mode
- play_arrow Monitoring Traffic
- play_arrow Monitoring Client Sessions
- play_arrow Monitoring Devices
- play_arrow Monitoring and Analyzing Fabrics
- play_arrow Monitoring Virtual Networks
- play_arrow General Monitoring
- play_arrow Monitor Reference
- 802.11 Packet Errors Monitor
- Access vs. Uplink Port Utilization Trend Monitor
- Current Sessions Monitor
- Current Sessions by Type Monitor
- Error Trend Monitor
- Equipment Summary By Type Monitor
- Node Device Summary Monitor
- Port Status Monitor
- Port Status for IP Fabric Monitor
- Port Utilization Monitor
- Power Supply and Fan Status Monitor
- Resource Utilization Monitor for Switches, Routers, and Virtual Chassis
- Top Users Monitor
- Top Sessions by MAC Address Monitor
- Session Trends Monitor
- Status Monitor for Junos Fusion Systems
- Status Monitor for Layer 3 Fabrics
- Status Monitor for Switches and Routers
- Status Monitor for Virtual Chassis
- Status Monitor for Virtual Chassis Members
- Top Talker - Wired Devices Monitor
- Traffic Trend Monitor
- Unicast vs Broadcast/Multicast Monitor
- Unicast vs Broadcast/Multicast Trend Monitor
- User Session Details Window
- Virtual Chassis Topology Monitor
- VC Equipment Summary By Type Monitor
-
- play_arrow Using Fault Mode
- play_arrow About Fault Mode
- play_arrow Using Fault Mode
- play_arrow Fault Reference
-
- play_arrow Working in Report Mode
- play_arrow About Report Mode
- play_arrow Creating and Managing Reports
- play_arrow Report Reference
-
- play_arrow Working with Network Director Mobile
- play_arrow About Network Director Mobile
- play_arrow Getting Started with Network Director Mobile
- play_arrow Working in the Network Director Mobile Dashboard Mode
- play_arrow Working in the Network Director Mobile Devices Mode
-
Media Access Control Security Overview
Media Access Control Security (MACsec) is an industry-standard security technology that provides secure communication on Ethernet links. MACsec enables you to secure Ethernet links between two MACsec-capable devices.You can enable MACsec on point-to-point Ethernet links using static secure association key (SAK) security mode or static connectivity association key (CAK) security mode.
When you enable MACsec using the static CAK security mode, a connectivity association key and a randomly generated secure association key are exchanged between the devices on each point-to-point Ethernet link. After the matching pre-shared keys are successfully exchanged, MACsec enables MKA protocol on the devices. The MKA protocol maintains MACsec on the link, and decides which switch on the point-to-point link becomes the key server. The key server then creates an SAK that is shared with the switch at the other end of the point-to-point link only, and that SAK is used to secure all data traffic traversing the link. The key server will continue to periodically create and share a randomly-created SAK over the point-to-point link for as long as MACsec is enabled. A pre-shared key includes a connectivity association name (CKN) and its own connectivity association key (CAK). The CKN and CAK are configured by the user in the connectivity association and must match on both ends of the link to initially enable MACsec.
A pre-shared key includes a connectivity association name (CKN) and its own connectivity association key (CAK). You can configure the CKN and CAK in the connectivity association and these values must match on both ends.
When you enable MACsec using static SAK security mode, you must configure the secure channels between the point-to-point Ethernet link. The secure channels are responsible for transmitting and receiving data on the MACsec-enabled link, and also responsible for transmitting SAKs across the link to enable and maintain MACsec. A typical connectivity association when MACsec is enabled using SAK security mode contains two secure channels—one secure channel for inbound traffic and another secure channel for outbound traffic. You must configure the SAK settings manually, there is no key server or other tool that creates SAKs. Security is maintained on the point-to-point Ethernet link by periodically rotating between the two security keys. Each security key name and value must have a corresponding matching value on the interface at the other end of the point-to-point Ethernet link to maintain MACsec on the link.
MACsec is widely used in campus deployments to secure network traffic between endpoints and access switches. You can enable MACsec on extended ports in a Junos Fusion Enterprise topology to provide secure communication between the satellite device and connected hosts. Network Director supports MACsec configuration for a Junos Fusion Enterprise setup. You can create a profile for the MACsec configuration and assign the profiles to the extended ports of the satellite devices in a Junos Fusion Enterprise setup.
For more information about MACsec, see Understanding Media Access Control Security (MACsec).
