Hi Matt,
> This is probably a feature request, but maybe another
> creative solution is possible? Thanks.
What if you simply periodically check the address on IRB interface and if
this differs from the LLDP management-address, then configure latter
accordingly? Something like this:
Interesting. I wonder if this falls under "This is implemented, but not
supported by JTAC." You'd have to actually try it to see...
On Wed, Nov 27, 2019 at 01:18:29PM -0600, Aaron Gould wrote:
> [edit]
> me@site2-204-3# show | compare
> [edit]
> + security {
> + macsec {
> +
[edit]
me@site2-204-3# show | compare
[edit]
+ security {
+ macsec {
+ connectivity-association my-ca1 {
+ security-mode static-cak;
+ mka {
+ transmit-interval 6000;
+ key-server-priority 0;
+ }
+
On Wed, Nov 27, 2019 at 12:54:01PM -0600, Aaron Gould wrote:
> Before or after I do that config test ? Asking since I didn't commit that
> as it's on a MX204 in a far-away place during a thanksgiving week
> network-change moratorium, I'm treading on thin ice. LOL
Either. No need to commit,
Before or after I do that config test ? Asking since I didn't commit that
as it's on a MX204 in a far-away place during a thanksgiving week
network-change moratorium, I'm treading on thin ice. LOL
-Aaron
___
juniper-nsp mailing list
Can you do "show security" and see if there as a message about "unsupported"?
On Wed, Nov 27, 2019 at 10:50:07AM -0600, Aaron Gould wrote:
> Not knowing much about this, but going from this site's guidance ( I stopped
> halfway down the page ) ,
>
--- Begin Message ---
So it looks SW allows for the commands, as other MX products do have MACsec
support. I am 99.999% sure these commands will do nothing but make your config
file larger.
Thanks for the input. Rich
Richard McGovern
Sr Sales Engineer, Juniper Networks
978-618-3342
I’d
Not knowing much about this, but going from this site's guidance ( I stopped
halfway down the page ) ,
https://www.juniper.net/documentation/en_US/junos/topics/task/configuration/macsec-configuring-mx-series.html
...i did the following...
[edit]
me@site2-204-3# show | compare
[edit]
+
--- Begin Message ---
Oh, I am sure the commands are there in the CLI as Juniper generally does not
"hide' non-affecting functions from the CLI, on a per product basis. If
actually used you 'might' get a "unsupported on this platform" message, when
you try to commit. For sure if used, these
I don't know much about this, but, for what it's worth, I do see this on one
of my MX204's...
me@site2-204-3# set security macsec connectivity-association test ?
Possible completions:
<[Enter]>Execute this command
+ apply-groups Groups from which to inherit configuration
--- Begin Message ---
I am fairly certain the original link that Graham posted -
https://apps.juniper.net/feature-explorer/parent-feature-info.html?pFName=Media%20Access%20Control%20Security%20(MACsec)
- where it shows that the MX204 has support for Unicast MAC DA for MACsec is
inaccurate.
11 matches
Mail list logo