Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
ON THIS PAGE
 

bounded-delay

Syntax

Hierarchy Level

Description

Configure bounded delay to ensure that a Media Access Control Security (MACsec) frame will not be delivered after a delay of two seconds or more. This ensures that a delay of MACsec frames resulting from a man-in-the-middle attack will not go undetected.

When you configure bounded delay, you must also configure replay protection by setting the replay-window-size. This is the window during which duplicate and replay packets are allowed. Bounded delay takes precedence over replay protection. You can increase the effectiveness of bounded delay protection by configuring a lower value for the window size.

Note:

Bounded delay impacts CPU utilization which can degrade performance. We recommend only configuring bounded delay on interfaces on which it is absolutely required.

Default

Bounded delay is not enabled by default.

Required Privilege Level

security

Release Information

Statement introduced in Junos OS Release 21.1R1.