Navigation
Table of Contents
Guide That Contains This Content
[+] Expand All
[-] Collapse All
Start Time is not the Same in the Keys Used in the Participating Nodes
Problem
Description: If the start time is not same in the keys used in both the nodes, MKA session is not established.
Solution
To check whether the same keychain start time is specified in both the nodes, execute the following command in both the nodes and check the start time of the key:
user@host# show security
authentication-key-chains
If the key start time is not same, change it accordingly following the procedure at Configuring MACsec Using PSK Hitless Rollover Keychain on MX2020 and MX2010 Routers (Recommended for Enabling MACsec on Router-to-Router Links):
user@host# set security authentication-key-chains
key-chain key_chain_name key key_name start-time start_time
user@host# set security authentication-key-chains key-chain test_key_chain key 1 start-time 2018-01-28.07:20
Sample Output
user@host# show security authentication-key-chains
key-chain pskchain1 {
key 0 {
secret "$9$RmycevM8Xx-VyrwY2gJZFn6/p0O1RESrCAevMWx7UjiHP5Tz3n9Aq.p0OBEh-Vbw4aJGDjk.Y2P5TQn6Srl"; ## SECRET-DATA
key-name 100000000000;
start-time "2018-2-23.01:06:35 -0800";
}
key 1 {
secret "$9$VcsoJZUjiqm2gfTQz6/yleKLx7-VbYgMWoJZGiHCtpuIEhSrlvWOBLx7NbwqmPfFn69At0BTQIEhcle24o"; ## SECRET-DATA
key-name 100000000001;
start-time "2018-2-23.01:08:35 -0800";
}
key 2 {
secret "$9$1WMEreKM8L7-cSVwsYoaQF3nApuO1IhS/9reKvLXZUDj.PfTzF69HkApu0IR7-dV24oJGUikws.Pf5F3Srl"; ## SECRET-DATA
key-name 100000000002;
start-time "2018-2-23.01:10:35 -0800";
}
}
