<html>
  <head>
    <meta http-equiv="content-type" content="text/html; charset=UTF-8">
  </head>
  <body>
<div><br></div><div><span style=""><span class="font" style="font-family:monospace"><span style="color:#000000;background-color:#ffffff;">Hi, </span><br> <br>following only the required configuration of <br><a href="https://www.juniper.net/documentation/en_US/junos/topics/task/configuration/macsec-configuring-mx-series.html">https://www.juniper.net/documentation/en_US/junos/topics/task/configuration/macsec-configuring-mx-series.html</a> <br>for <br><span style="color:#1818b2;background-color:#b2b2b2;"># Configuring MACsec Using Static Connectivity Association Key (CAK) Mode</span><span style="color:#000000;background-color:#ffffff;"> </span><br> <br>works fine for two switches, but with a third EX4300 in the middle not. <br> <br>Thus, could anyone please help what is required to ensure connectivity through <br>three EX4300? <br> <br>Even the configuration <span style="color:#000000;background-color:#b2b2b2;">(A; with several tries)</span><span style="color:#000000;background-color:#ffffff;"> on the outer sides switches such as </span><br>e.g. given for (one port) per switch <br>jack@cs2<span style="color:#ffffff;background-color:#686868;"># set security macsec connectivity-association ca1 mka eapol-address provider-bridge </span><span style="color:#000000;background-color:#ffffff;"> </span><br>jack@cs2<span style="color:#ffffff;background-color:#686868;"># set security macsec connectivity-association ca1 mka eapol-address lldp-multicast     </span><span style="color:#000000;background-color:#ffffff;"> </span><br>jack@cs2<span style="color:#ffffff;background-color:#686868;"># set protocols layer2-control mac-rewrite interface ge-0/0/13 protocol ieee8021</span><span style="color:#000000;background-color:#ffffff;"> </span><br>worked not for the three EX4300. <br> <br>Tunneling through a EX4200, in the middle <span style="color:#000000;background-color:#b2b2b2;">(via vlan, snippet see below)</span><span style="color:#000000;background-color:#ffffff;"> worked fine, even without the  </span><br>configuration <span style="color:#000000;background-color:#b2b2b2;">(A)</span><span style="color:#000000;background-color:#ffffff;"> at the outer sides switches, only with the most important commands </span><br>given in <a href="https://www.juniper.net/documentation/en_US/junos/topics/task/configuration/macsec-configuring-mx-series.html">https://www.juniper.net/documentation/en_US/junos/topics/task/configuration/macsec-configuring-mx-series.html</a>. <br> <br>Any idea why tunneling through the middle EX4300 failed? <span style="color:#000000;background-color:#b2b2b2;">(Used version: 17.3R3-S9.3!)</span><span style="color:#000000;background-color:#ffffff;"> </span><br> <br>Regards, <br>Jack <br> <br> <br><span style="color:#1818b2;background-color:#b2b2b2;"># PS: What is the equivalent code for EX4300 from the EX4200 code</span><span style="color:#000000;background-color:#ffffff;"> </span><br>        vlan-id 55;  <br>        dot1q-tunneling { <br>            layer2-protocol-tunneling { <br>                all; <br>            }   <br> </span></span></div>  </body>
</html>