See Feature Explorer for a full listing of Junos OS releases and platforms that supportMACsec.
Table 2: MACsec Hardware andSoftware Support Summary for EX Series and QFX Series Switches
Switch | MACsec-capable Interfaces | Switch-to-Switch Support Introduction | Switch-to-Host Support Introduction | Encryption |
|---|---|---|---|---|
EX3400 | 10GbE fiber interfaces and 1GbE copper interfaces. | 15.1X53-D50 | 15.1X53-D50 | AES-128 Note: MACsec is not available on the limited Junos OS image package. |
EX4200 Sunset skyway mac os. | All uplink port connections on the SFP+ MACsec uplink module. | 13.2X50-D15 | 14.1X53-D10 | AES-128 |
EX4300 | All access and uplink ports. Both QSFP+ interfaces on the EX-UM-2QSFP-MR uplink module for EX4300-48MP switches. | 13.2X50-D15 | 14.1X53-D10 | AES-128 AES-256 (EX4300-48MP only) |
EX4550 | All EX4550 optical interfaces that use the LC connection type.See Pluggable Transceivers Supported on EX4550 Switches. | 13.2X50-D15 | 14.1X53-D10 | AES-128 |
EX4600 | All twenty-four fixed 1GbE SFP/10GbE SFP+ interfaces and all interfaces that supportthe copper Gigabit Interface Converter (GBIC). All eight SFP+ interfaces on the EX4600-EM-8F expansion module. | 14.1X53-D15 Note: MACsec is not supported on EX4600 in Junos OS Release 15.1. | Not supported | AES-128 |
EX9200 | All forty SFP interfaces on the EX9200-40F-M line card. All twenty SFP interfaces on the EX9200-20F-MIC installed in an EX9200-MPC line card. Note: You can install up to two EX9200-20F-MIC MICs in an EX9200-MPC line card for a maximumof forty MACsec-capable interfaces. The reverse broke mac os. All forty SFP+ interfaces on the EX9200-40XS. | 15.1R1 | 15.1R1 | AES-128 Note: Starting in Junos OS Release 18.2R1, AES-256is supported on the EX9200-40XS line card. |
QFX5100 | All eight SFP+ interfaces on the EX4600-EM-8F expansion module installed in a QFX5100-24Qswitch. | 14.1X53-D15 Note: MACsec is not supported on QFX5100-24Q switches in Junos OS Release 15.1. | Not supported | AES-128 |
QFX10008 and QFX10016 | All six interfaces on the QFX10000-6C-DWDM line card. | 17.2R1 Note: Static CAK mode only. | Not supported | AES-128 and AES-256 Note: When enabling MACsec on the QFX10000-6C-DWDM line card, we recommend using a ciphersuite with extended packet numbering (XPN). Supported XPN cipher suites are GCM-AES-XPN-128and GCM-AES-XPN-256. |
All 30 interfaces on the QFX10000-30C-M line card. | 17.4R1 Note: Static CAK mode only. | Not supported | Cueist mac os. AES-128 and AES-256 Note: When enabling MACsec on the QFX10000-30C-M line card, we recommend using a cipher suitewith extended packet numbering (XPN). Supported XPN cipher suites are GCM-AES-XPN-128 andGCM-AES-XPN-256. |
Understanding MACsec in a Virtual Chassis
MACsec can be configured on supported switch interfaces when those switches are configuredin a Virtual Chassis or Virtual Chassis Fabric (VCF), includingwhen MACsec-supported interfaces are on member switches in a mixed Virtual Chassis or VCFthat includes switch interfaces that do not support MACsec. MACsec, however, cannot be enabledon Virtual Chassis ports (VCPs) to secure traffic travelling between member switches in aVirtual Chassis or VCF.
Understanding the MACsec Feature License Requirement
A feature license is required to configure MACsec on EX Series and QFX series switches,with the exception of the QFX10000-6C-DWDM and QFX10000-30C-M line cards. If the MACsec licenceis not installed, MACsec functionality cannot be activated.
To purchase a feature license for MACsec, contact your Juniper Networks sales representative(https://www.juniper.net/us/en/contact-us/sales-offices). The Juniper sales representative will provide you with a feature license fileand a license key. You will be asked to supply the chassis serial number of your switch; youcan obtain the serial number by running the no- auto-negotiation on PHY84756 1G SFP ports before configuring MACsec on those ports.
Related Documentation
background
if you are interested in the research of malware and vulnerabilities on macos, the blogs from objective-see.com are great study resource. the blog series 'monitoring process creation via the kernel' explains how to monitor process creation via the kernel using macf and kauth (kernel authorization). however, it did not show how to implement monitor process execution with command line arguments. during the process of analyzing malware on macos, the malware usually executes new processes to perform specific malicious activities in background. these new processes are frequently executed with command line arguments. so to analyze them, it's fairly necessary to monitor process execution with all of the command line arguments.
developing a tool to monitor process execution
first, you need to register your mac policy, as shown in figure 1.
v-pre=''>background
if you are interested in the research of malware and vulnerabilities on macos, the blogs from objective-see.com are great study resource. the blog series 'monitoring process creation via the kernel' explains how to monitor process creation via the kernel using macf and kauth (kernel authorization). however, it did not show how to implement monitor process execution with command line arguments. during the process of analyzing malware on macos, the malware usually executes new processes to perform specific malicious activities in background. these new processes are frequently executed with command line arguments. so to analyze them, it's fairly necessary to monitor process execution with all of the command line arguments.
developing a tool to monitor process execution
first, you need to register your mac policy, as shown in figure 1.
>