Switching

IMPORTANT MODERATION NOTICE

This community is currently under full moderation, meaning  all posts will be reviewed before appearing in the community. Please expect a brief delay—there is no need to post multiple times. If your post is rejected, you'll receive an email outlining the reason(s). We've implemented full moderation to control spam. Thank you for your patience and participation.



Expand all | Collapse all

Question on the MACSec CKN

  • 1.  Question on the MACSec CKN

     
    Posted 08-07-2021 09:05

    Hi.

     

    I have a MACSec question.

     

    The CAK is used to encrypt MACSec control messages

    The SAK is used to encrypt MACSec data packets.

     

    What is the CKN used for? How is it communicated in MACSec messages?

     

     

    Thanks,

    Deepak

     



  • 2.  RE: Question on the MACSec CKN

     
    Posted 08-08-2021 07:58
    The CKN is just an element of the mutual communications between the two nodes.  Does the configuration example showing the use help?

    https://www.juniper.net/documentation/us/en/software/junos/security-services/topics/task/macsec.html

    ------------------------------
    Steve Puluka BSEET - Juniper Ambassador
    IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP)
    http://puluka.com/home
    ------------------------------



  • 3.  RE: Question on the MACSec CKN

     
    Posted 08-10-2021 15:09
    Hi Steve. 

    I was wondering how both MACsec endpoints are able to confirm that their configured CKNs are the same.

    --Deepak


  • 4.  RE: Question on the MACSec CKN

     
    Posted 08-10-2021 19:41
    If the preshared keys don't match the decryption just does not work so the connection will fail.

    ------------------------------
    Steve Puluka BSEET - Juniper Ambassador
    IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP)
    http://puluka.com/home
    ------------------------------