Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?


exclude-protocol (MX Series)


Hierarchy Level


Specifies protocols whose packets are not secured using Media Access Control Security (MACsec) when MACsec is enabled on a link using static connectivity association key (CAK) security mode.

When this option is enabled in a connectivity association that is attached to an interface, MACsec is not enabled for all packets of the specified protocols that are sent and received on the link.



All packets are secured on a link when MACsec is enabled, with the exception of all types of Spanning Tree Protocol (STP) packets.



Specifies the name of the protocol that should not be MACsec-secured. Options include:

  • cdp—Cisco Discovery Protocol.

  • lacp—Link Aggregation Control Protocol.

  • lldp—Link Level Discovery Protocol.

Required Privilege Level

admin—To view this statement in the configuration.

admin-control—To add this statement to the configuration.

Release Information

Statement introduced in Junos OS Release 15.1.