Configuring MACsec for three EX4300 Switches

switch999 at tutanota.com
Fri Oct 23 14:23:15 UTC 2020


Hi, 
 
Following only the required configuration from
https://www.juniper.net/documentation/en_US/junos/topics/task/configuration/macsec-configuring-mx-series.html
for "Configuring MACsec Using Static Connectivity Association Key (CAK) Mode"
works fine for two switches, but not with a third EX4300 in the middle.
 
Thus, could anyone please help with what is required to ensure connectivity through
three EX4300s?
 
Even the configuration (A; with several tries) on the outer-side switches, such as
the following, given for one port per switch,
jack@cs2# set security macsec connectivity-association ca1 mka eapol-address provider-bridge
jack@cs2# set security macsec connectivity-association ca1 mka eapol-address lldp-multicast
jack@cs2# set protocols layer2-control mac-rewrite interface ge-0/0/13 protocol ieee8021
did not work for the three EX4300s.
 
Tunneling through an EX4200 in the middle (via VLAN; see snippet below) worked fine, even without the
configuration (A) on the outer-side switches, with only the most important commands
given in https://www.juniper.net/documentation/en_US/junos/topics/task/configuration/macsec-configuring-mx-series.html.
 
Any idea why tunneling through the middle EX4300 failed? (Used version: 17.3R3-S9.3!) 
 
Regards, 
Jack 
 
 
# PS: What is the EX4300 equivalent of this EX4200 code?
        vlan-id 55;
        dot1q-tunneling {
            layer2-protocol-tunneling {
                all;
            }
        }
 