Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Guide That Contains This Content
[+] Expand All
[-] Collapse All

    Start Time is not the Same in the Keys Used in the Participating Nodes


    Description: If the start time is not same in the keys used in both the nodes, MKA session is not established.


    To check whether the same keychain start time is specified in both the nodes, execute the following command in both the nodes and check the start time of the key:

    user@host# show security authentication-key-chains

    If the key start time is not same, change it accordingly following the procedure at Configuring MACsec Using PSK Hitless Rollover Keychain on MX2020 and MX2010 Routers (Recommended for Enabling MACsec on Router-to-Router Links):

    user@host# set security authentication-key-chains key-chain key_chain_name key key_name start-time start_time
    user@host# set security authentication-key-chains key-chain test_key_chain key 1 start-time 2018-01-28.07:20

    Sample Output

    user@host# show security authentication-key-chains
    key-chain pskchain1 {
        key 0 {
            secret "$9$RmycevM8Xx-VyrwY2gJZFn6/p0O1RESrCAevMWx7UjiHP5Tz3n9Aq.p0OBEh-Vbw4aJGDjk.Y2P5TQn6Srl"; ## SECRET-DATA
            key-name 100000000000;
            start-time "2018-2-23.01:06:35 -0800";
        key 1 {
            secret "$9$VcsoJZUjiqm2gfTQz6/yleKLx7-VbYgMWoJZGiHCtpuIEhSrlvWOBLx7NbwqmPfFn69At0BTQIEhcle24o"; ## SECRET-DATA
            key-name 100000000001;
            start-time "2018-2-23.01:08:35 -0800";
        key 2 {
            secret "$9$1WMEreKM8L7-cSVwsYoaQF3nApuO1IhS/9reKvLXZUDj.PfTzF69HkApu0IR7-dV24oJGUikws.Pf5F3Srl"; ## SECRET-DATA
            key-name 100000000002;
            start-time "2018-2-23.01:10:35 -0800";

    Modified: 2018-02-28