A good place to look for feature support is http://pathfinder.juniper.net/home/ where you can search by product type or by feature (among other things).

A search for MACsec for switch to switch connections yields the following:
http://pathfinder.juniper.net/feature-explorer/feature-info.html?fKey=6117&fn=Media%20Access%20Control%20Security%20%28MACsec%29%20for%20switch%20to%20switch%20connections

I don't believe that MACsec is currently supported on any interfaces other than 1G/10G sfp/sfp+ interfaces regardless of platform at this time.

--
Damien

On Mon, Dec 14, 2015 at 6:39 PM, Kevin Day <toa...@dragondata.com> wrote:

> My quick notes, since I just went through MACsec research recently:
>
> MX: Only supported on MIC-3D-20GE-SFP-E
>
> EX9200: Only supported on EX9200-40FE, and only on even numbered ports. Unclear if a license is needed or not.
>
> EX4200: Only supported on ports on optional EX-UM-2X4SFP-M module. Requires EX-QFX-MACSEC-ACC license.
>
> EX4300-24T/24P/48T/48P/32F: Supports MACsec on all ports (24 or 48x1G and 4x10G). Requires EX-QFX-MACSEC-ACC license
>
> EX4550-32F(but not 32T): Supports MACsec on all ports. Produces a fair amount of heat if you have all ports doing MACsec at once, possibly over the data sheet’s rated wattage limit - add 8W per macsec enabled port. Requires EX-QFX-MACSEC-AGG (not -ACC like above) license.
>
> EX4600: Supports MACsec on all built in ports, as well as on any EX4600-EM-8F modules. Only works on 10G ports though, will not work on 1G modules. Also does not support “switch-to-host” mode, “switch-to-switch” mode only. Requires EX-QFX-MACSEC-AGG.
>
> QFX5100-24Q: Support only on the 8 ports on an optional EX4600-EM-8F module, not the built in ports. 10G only. Does not support “switch-to-host” mode. Requires EX-QFX-MACSEC-AGG license.
>
> They also explicitly say they don’t support MACsec on copper SFP/SFP+ modules, but it seems to work here.
>
> > On Dec 14, 2015, at 5:23 PM, Jeff McAdams <je...@iglou.com> wrote:
> >
> > Last I checked (a month or so ago?) there is only a single MIC (20x1gbps maybe) that can do MacSec on the MX. I think the plan is for future MPCs to support it with any enet MICs connected, but it's not there, yet.
> >
> > I don't know for the full QFX line, but the EX4600s I have supposedly can do line-rate (or at least very close) MacSec on all ports. I haven't had the opportunity, yet, to actually try it.
> >
> > If FIPS 140-2 compliance is relevant for you, MacSec is currently excluded from FIPS 140-2 validation.
> >
> > --
> > Jeff
>
> _______________________________________________
> juniper-nsp mailing list juniper-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp