Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?


ckn (MX Series)


Hierarchy Level


Specifies the connectivity association key name (CKN) for a pre-shared key.

A pre-shared key includes a CKN and a connectivity association key (CAK). A pre-shared key is exchanged between two devices at each end of a point-to-point link to enable MACsec using dynamic security keys. The MACsec Key Agreement (MKA) protocol is enabled once the pre-shared keys are successfully exchanged. The pre-shared key—the CKN and CAK—must match on both ends of a link


No CKN exists, by default.



The key name, in hexadecimal format.

The key name is 32 hexadecimal characters in length. If you enter a key name that is less then 32 characters long, the remaining characters are set to 0.

  • On MX10003 router, if you configure the length of CKN to the value less than 64 hexadecimal digits, then the following warning message is displayed:

    warning: To maximize security, recommend configuring all 64 digits of pre-shared-key ckn

  • On MX10003 router, if you configure the length of CKN to an odd value, then the commit will not be successful and the following error message is displayed:

    error: ckn: 'abcde': Must be an even-length string up to 64 hexadecimal digits (0-9, a-f, A-F)

Required Privilege Level

admin—To view this statement in the configuration.

admin-control—To add this statement to the configuration.

Release Information

Statement introduced in Junos OS Release 15.1.