I'm trying to get MACSec running on a QFX 5120, but not having any luck. Logs just show the following messages.
Mar 10 16:18:36 ARDCCore_A fpc0 opus_macsec_get_stats: MACSec stats get failed for ifd xe-0/0/0
Mar 10 16:18:36 ARDCCore_A fpc0 eth_macsec_stats_get: Failed to fetch MACSec stats for xe-0/0/0
Mar 10 16:18:41 ARDCCore_A fpc0 PFE_SCI_INFO_MISSNG: macsec_ms_sc_info_get MACsec: Cannot find information for sci 0x0
Mar 10 16:18:41 ARDCCore_A fpc0 tvp_drv_bcm_macsec_tx_stats_get: [TVP-PIC-BCM] MACSEC Error in sc_info for ifd xe-0/0/0
Mar 10 16:18:41 ARDCCore_A fpc0 opus_macsec_get_stats: MACSec stats get failed for ifd xe-0/0/0
Traceoptions show nothing useful, just show the following:
Mar 10 16:19:51.949124 macsec_if_stats_by_index
Mar 10 16:19:51.949149 macsec_if_get_next_pn_info: macsec_if: xe-0/0/0 (ifdx:652:enable:0:iflx:0)PFE cur AN & PN [ an_tx:0 an_rx:0 next_pn: 0/0x0000000000000000 ]
Mar 10 16:19:54.470977 macsec_async_recv_cb if:xe-0/0/0 (idx:652 enable:0 iflx:0) received async stats from pfe
Mar 10 16:20:04.464035 macsec_async_recv_cb if:xe-0/0/0 (idx:652 enable:0 iflx:0) received async stats from pfe
I've verified CAK and CKN match on both peers. License is installed. i've increased MTU to to account for best practice. Config is pretty straight forward.
dridge@LabCore_A# show security
macsec {
traceoptions {
file MACSec;
flag debug;
}
connectivity-association macseclab {
security-mode static-cak;
pre-shared-key {
ckn 291125842d3587b02f2b5d9540f9ccba6eb67463d7b61b26b003381189f13c83;
cak "$9$xGTNs2GUH.fTdb5Qn6AtBIESvWdbs2gJsYoGiHmpFn/90BcSeL7-2AxNdV4oJGHjHmFn/CuOTQylevLXNdbsaZk.PAz6bs"; ## SECRET-DATA
}
exclude-protocol lldp;
}
interfaces {
xe-0/0/0 {
connectivity-association macseclab;
}
}
}
dridge@LabCore_A# run show security macsec connections
Interface name: xe-0/0/0
CA name: HSC
Cipher suite: GCM-AES-128 Encryption: on
Key server offset: 0 Include SCI: no
Replay protect: off Replay window: 0
Has anyone experienced this issue before?
------------------------------
MARK EVANS
------------------------------