MACsec

Automatic adjustment of MTU for MACsec overhead (ACX7100-32C, ACX7100-48L, ACX7332, ACX7348, ACX7509, ACX7024, ACX7024X, PTX10001-36MR, PTX10002-36QDD, PTX10003, PTX10004, PTX10008, and PTX10016)—Use this feature to automatically adjust the maximum transmission unit (MTU) for the Media Access Control Security (MACsec) overhead. Without this feature, you must adjust the interface MTU and the protocol MTU manually.

Use this feature to ensure the interface or protocol MTU is adjusted properly to account for the MACsec overhead. This feature is disabled by default. To enable this feature, first enable MACsec. Then configure the enable-auto-mtu-update statement at the [edit security macsec] hierarchy level. This feature applies to physical interfaces, logical interfaces, and physical interfaces that are members of aggregated Ethernet interfaces.

[See Media MTU and Protocol MTU.]

Support for a custom EAPoL EtherType to improve network tunneling of MACsec packets (ACX7100-32C, ACX7332, ACX7348, and ACX7509)—MACsec uses Extensible Authentication Protocol over LAN (EAPoL) as a transport protocol to establish sessions. Some networks filter packets based on their EtherType value. By default, the EtherType for all EAPoL packets is 0x888e. To ensure the network tunnels the MACsec packets properly, you can set a custom EtherType for EAPoL packets.

To configure an EAPoL profile with a custom EtherType, use the ether-type ether-type-value statement at the [edit forwarding-options custom-eapol-ether-type-profiles eapol-profile-name] hierarchy level. To apply the EtherType to MACsec packets, configure the eapol-ethertype-profile eapol-profile-name statement at the [edit security macsec connectivity-association ca-name mka] hierarchy level.

[See Media Access Control Security (MACsec) over WAN, custom-eapol-ethertype-profiles, and mka.]