Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

MACsec

  • Support for a custom EAPoL EtherType to improve network tunneling of MACsec packets (MX240, MX304, MX480, MX960, MX10004, and MX10008)—MACsec uses Extensible Authentication Protocol over LAN (EAPoL) as a transport protocol to establish sessions. Some networks filter packets based on their EtherType value. By default, the EtherType for all EAPoL packets is 0x888e. To ensure the network tunnels the MACsec packets properly, you can set a custom EtherType for EAPoL packets. On interfaces where a custom EAPoL EtherType is enabled, 802.1X authentication is not supported. Features dependent on it such as dynamic connectivity association key (CAK) are also not supported.

    To configure the EAPoL EtherType, use the ether-type ether-type-value statement at the [edit forwarding-options custom-eapol-ether-type-profiles eapol-profile-name] hierarchy level. You must use an EtherType that isn't already reserved for another use. To apply the EtherType to MACsec packets, configure the eapol-ethertype-profile eapol-profile-name statement at the [edit security macsec connectivity-association ca-name mka] hierarchy level.

    To view the new EtherType profile, use the show security mka sessions detail command.

    [See Media Access Control Security (MACsec) over WAN.]