connectivity-association (MX Series)
Syntax
connectivity-association connectivity-association-name {
exclude-protocol protocol-name;
include-sci;
mka {
bounded-delay;
key-server-priority priority-number;
must-secure;
should-secure;
transmit-interval interval;
eapol-address (pae | provider-bridge | lldp-multicast | destination unicast-address);
}
no-encryption;
offset (0|30|50);
pre-shared-key {
cak hexadecimal-number;
ckn hexadecimal-number;
}
replay-protect{
replay-window-size number-of-packets;
}
secure-channel secure-channel-name {
direction (inbound | outbound);
encryption ;
id {
mac-address mac-address;
port-id port-id-number;
}
offset (0|30|50);
security-association security-association-number {
key key-string;
}
}
security-mode security-mode;
}
Hierarchy Level
[edit security macsec]
Description
Create or configure a MACsec connectivity association.
A connectivity association is not applying MACsec to traffic until it is associated
with an interface. MACsec connectivity associations are associated with interfaces using the interfaces statement in the [edit security macsec] hierarchy.
Default
No connectivity associations are present, by default.
Options
| connectivity-association-name | Name of the MACsec connectivity association.
|
The remaining statements are explained separately.
Required Privilege Level
admin—To view this statement in the configuration.
admin-control—To add this statement to the configuration.
Release Information
Statement introduced in Junos OS Release 15.1.