Support Support Downloads Knowledge Base Juniper Support Portal Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

Configuring more than 2 sessions of MACSEC on EX4550 results in unexpected behavior

0

0

Article ID: KB31544 KB Last Updated: 15 Jan 2018Version: 1.0
Summary:

When there are more than 2 sessions of MACSEC on EX4550, unexpected behavior is observed. This is a limitation on EX4550 where it can handle only 2 MACSEC sessions.

Symptoms:

The ports may flap.

Solution:

This is a limitation on EX4550 where it can handle only 2 MACSEC sessions.

This was tested with multiple MACSEC sessions and interfaces flapped.

 
          ge-0/0/4          ge-0/0/4        ge-0/0/25      ge-0/0/17
+--------------+               +--------------+                +-------------+
|              +---------------+              +----------------+             |
| EX4300-A     |5             5| EX4300-DUT   |26            18| EX4550      |
|              +---------------+              +----------------+             |
|              |6             6|              |27            19|             |
|              +---------------+              +----------------+             |
|              +---------------+              +----------------+             |
+--------------+7             7+--------------+                +-------------+
                                            xe-0/2/0        xe-0/0/13

root@d26-14# run show security macsec connections interface ge-0/0/25
Oct 31 22:41:33
        CA name: ca1
        Cipher suite: GCM-AES-128   Encryption: on
        Key server offset: 0        Include SCI: yes
        Replay protect: off         Replay window: 0
          Outbound secure channels
            SC Id: 5C:45:27:A0:A8:DC/1
            Outgoing packet number: 18 >>>>>>>>>>>>>>>>>>
            Secure associations
            AN: 0 Status: inuse Create time: 00:00:31 >>>>>>>>>>>
          Inbound secure channels
            SC Id: 3C:61:04:5B:31:14/1
            Secure associations
            AN: 0 Status: inuse Create time: 00:00:31

{master:0}[edit]
root@d26-14# run show security macsec connections interface ge-0/0/25
Oct 31 22:41:35
        CA name: ca1
        Cipher suite: GCM-AES-128   Encryption: on
        Key server offset: 0        Include SCI: yes
        Replay protect: off         Replay window: 0
          Outbound secure channels >>>>>>>>>>>>>>>>
            SC Id: 5C:45:27:A0:A8:DC/1
          Inbound secure channels
            SC Id: 3C:61:04:5B:31:14/1

 
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search