The setup I have to realize is:
Juniper EX4550 ===Provider Switch===Provider Switch===Juniper EX4550
I was trying to tap the MACsec traffic using an EX4200 with a 10G (non-MACsec) uplink module:
Juniper EX4550 =====xe-0/1/0=EX4200=xe-0/1/2=====Juniper EX4550
                               ||
                             Sniffer
It looks like the EX4200 does not forward the EtherTypes 0x888e (EAPOL) and 0x88e5 (MACsec).
The MACsec connection is not coming up.
Questions:
1) Is Juniper EX4550 ===Provider Switch===Provider Switch===Juniper EX4550
(L2-Ethernet-WAN connection) a supported setup and what config do I need to request from my provider?
2) Why is the EX4200 not transparently forwarding the MACsec traffic, even though the ethernet-switching table is correctly populated?
{master:0}
root@EX4200-Tap> show ethernet-switching table
Ethernet-switching table: 3 entries, 2 learned, 0 persistent entries
VLAN              MAC address        Type    Age  Interfaces
vl_689            *                  Flood     -  All-members
vl_689            dc:38:e1:a1:91:03  Learn     0  xe-0/1/2.0
vl_689            ec:13:db:2b:2b:63  Learn     0  xe-0/1/0.0
{master:0}
root@EX4200-Tap>
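
One way to check from the sniffer which of the two EtherTypes actually appear on each side of the tap, added here as an example and not part of the original post. The frames are constructed from the MAC addresses in the table above, VLAN ID 689 is assumed from the name vl_689, and the function names are hypothetical. The extra flag marks destinations in the IEEE 802.1 reserved group range (01:80:c2:00:00:00 to 0f), which standard bridges do not forward and which includes the default EAPOL address 01:80:c2:00:00:03.

```python
import struct
from collections import Counter

ETHERTYPES = {0x888E: "EAPOL (802.1X/MKA)", 0x88E5: "MACsec"}
VLAN_TPIDS = {0x8100, 0x88A8}                  # 802.1Q and 802.1ad tag identifiers
RESERVED_PREFIX = bytes.fromhex("0180c20000")  # 01:80:c2:00:00:0x reserved group range

def classify(frame: bytes) -> dict:
    """Parse one raw Ethernet frame, skipping any stacked VLAN tags."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    dst, offset, vlans = frame[:6], 12, []
    (etype,) = struct.unpack_from("!H", frame, offset)
    while etype in VLAN_TPIDS:
        if len(frame) < offset + 6:
            raise ValueError("truncated VLAN tag")
        tci, etype = struct.unpack_from("!HH", frame, offset + 2)
        vlans.append(tci & 0x0FFF)             # low 12 bits of the TCI are the VLAN ID
        offset += 4
    return {
        "dst": dst.hex(":"),
        "vlans": vlans,
        "ethertype": etype,
        "label": ETHERTYPES.get(etype, "other"),
        # True when a standards-compliant bridge is expected to filter the frame
        "reserved_dst": dst[:5] == RESERVED_PREFIX and dst[5] <= 0x0F,
    }

def summarize(frames) -> Counter:
    """Count frames per label, e.g. for one capture per tap port."""
    return Counter(classify(f)["label"] for f in frames)

# Constructed sample frames (payloads are dummy bytes, not real captures).
SRC = bytes.fromhex("ec13db2b2b63")
DST = bytes.fromhex("dc38e1a19103")
PAE = bytes.fromhex("0180c2000003")
EAPOL = PAE + SRC + struct.pack("!H", 0x888E) + b"\x03\x05\x00\x00"
MACSEC = DST + SRC + struct.pack("!HHH", 0x8100, 689, 0x88E5) + b"\x2c\x00" + bytes(8)
IPV4 = DST + SRC + struct.pack("!H", 0x0800) + bytes(20)

if __name__ == "__main__":
    for f in (EAPOL, MACSEC, IPV4):
        print(classify(f))
    print(summarize([EAPOL, MACSEC, IPV4]))
```

Running it against captures from both tap ports shows whether the 0x888e frames are missing only on the egress side.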