Switching

 View Only
last person joined: 3 days ago 

Ask questions and share experiences about EX and QFX portfolios and all switching solutions across your data center, campus, and branch locations.
  • 1.  Question on the MACSec CKN

     
    Posted 08-07-2021 09:05

    Hi.

     

    I have a MACSec question.

     

    The CAK is used to encrypt MACSec control messages

    The SAK is used to encrypt MACSec data packets.

     

    What is the CKN used for? How is it communicated in MACSec messages?

     

     

    Thanks,

    Deepak

     



  • 2.  RE: Question on the MACSec CKN

    Posted 08-08-2021 07:58
    The CKN is just an element of the mutual communications between the two nodes.  Does the configuration example showing the use help?

    https://www.juniper.net/documentation/us/en/software/junos/security-services/topics/task/macsec.html

    ------------------------------
    Steve Puluka BSEET - Juniper Ambassador
    IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP)
    http://puluka.com/home
    ------------------------------



  • 3.  RE: Question on the MACSec CKN

     
    Posted 08-10-2021 15:09
    Hi Steve. 

    I was wondering how both MACsec endpoints are able to confirm that their configured CKNs are the same.

    --Deepak


  • 4.  RE: Question on the MACSec CKN

    Posted 08-10-2021 19:41
    If the preshared keys don't match the decryption just does not work so the connection will fail.

    ------------------------------
    Steve Puluka BSEET - Juniper Ambassador
    IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP)
    http://puluka.com/home
    ------------------------------