In the end I discovered that CCC, l2circuit, etc. work fine for transporting regular MACsec, no need for "WAN MACsec" or special commands to forward dot1x frames.
I also got this to work with 2 links at the same time between the same 2 switches. The problem I was having was related to using 1g SFP's in EX-UM-4X4SFP in the EX4300-48P. You have to turn off auto-neg and force the speed to 1g. You also have to restart the PIC or reboot after changing an optic from 10gig to 1gig or vice versa. On Fri, Nov 17, 2017 at 11:25:23PM +0000, Alex K. wrote: > * As long as you have pure p2p links, you should be fine - Juniper gear > meant. > > בתאריך 18 בנוב' 2017 1:20 AM, "Alex K." <nsp.li...@gmail.com> כתב: > > > Yes, > > > > But unfortunately (as far as j-nsp is considered), using Ciscos' gear. > > > > Cisco has a special flavor of MACSec, intended to address that issue > > exactly - they call it WAN MACSes. We was able to use across many different > > SP circuits. As long as you have pure p2p links (real or stimulated), you > > should be fine. Unfortunately, I'm not aware of any similar Juniper > > technique. > > > > Best regards, > > Alex. > > > > בתאריך 27 באוק' 2017 5:23 PM, "Chuck Anderson" <c...@wpi.edu> כתב: > > > > Has anyone been able to run MACsec over a service provider's Ethernet > > Private Line (or even just a 802.1q vlan)? I'm looking at using 10gig > > ports on the EX4300 or the EX4600/QFX5100-24Q with the MACsec uplink > > module. _______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp