Displays configuration, status, and statistics for both MKA and MAC Security (MACsec).
| Parameter | Description |
|---|---|
| ports | Specifies ports to show MKA and MACsec detailed information on. |
| port_list | Lists which ports to show MKA and MACsec detailed information on. |
| detail | Selects showing detailed MACsec port information. |
N/A.
# show macsec ports 40 detail
PAE Port Table
--------------
Port: 40
Port Capabilities : 0x30
Supplicant : No
Authenticator : No
MKA : Yes
MACsec : Yes
Announcements : No
Listener : No
Virtual Ports : No
Virtual Ports Enable : Disabled
Logon Enable : Enabled
Authenticator Enable : Enabled
Supplicant Enable : Disabled
KaY MKA : Enabled
Announcer : Disabled
Listener : Disabled
LOGON Table
-------------------------
Connect : SECURE
Port Valid : True
NID Table
-------------------------
UseEAP : Never
UnauthAllowed : Never
UnsecuredAllowed : mkaServer
UnauthenticatedAccess : noAccess
Access Capabilities : 0x08
eap : No
eapMka : No
eapMkaMacSec : No
mka : No
mkaMacSec : Yes
vendorSpecific : No
KaY MKA Table
-------------------------
MKA Active : True
MKA Authenticated : False
MKA Secured : True
MKA Failed : False
MKA Actor SCI : 00-04-96-a0-6c-e7-00-28
MKA Actor's Priority : 0x2
MKA Key Server Priority : 0x2
MKA Key Server SCI : 00-04-96-a0-6c-e7-00-28
MACsec Confidentiality Offset : 0
MACsec Desired : True
MACsec Protect : True
MACsec Replay Protect : False
MACsec Validate : True
MACsec Protection
Local MACsec Capability : Integrity, Confidentiality with Offset 0
Peer MACsec Capability : Integrity, Confidentiality with Offset 0
Negotiated Protection : Integrity, Confidentiality with Offset 0
MKA Tx KN : 1
MKA Tx AN : 0
MKA Rx KN : 1
MKA Rx AN : 0
MKA Participant Table
-------------------------
CA Name : ca40
CKN : foobar40
Cached : False
Active : True
Retain : False
ActivateControl : Default
Principal : True
Potential Peer List :
Live Peer List :
MN, SCI : 46661, 00-11-88-fe-91-8f-00-01
SecY Config Table
-------------------------
Protect Frames: Enabled
Validate Frames: Strict
Replay Protect: Disabled
Replay Protect Window: 0 frames
SecTAG Transmit Options
Include SCI: Enabled
Use ES: Disabled
Use SCB: Disabled
SecY Receive SA AN-0 Table
---------------------------
State: inUse
Next PN: 35826
Created Time: Wed Aug 22 20:07:15 2018
SecY Receive SC Table
-------------------------
SCI: 00-11-88-fe-91-8f-00-01
State: inUse
Current SA: 0
Created Time: Wed Aug 22 20:07:14 2018
SecY Transmit SA AN-0 Table
----------------------------
State: inUse
Next PN: 4306
Created Time: Wed Aug 22 20:07:15 2018
SecY Transmit SC Table
-------------------------
SCI: 00-04-96-a0-6c-e7-00-28
State: inUse
Encoding SA: 0
Enciphering SA: 0
Created Time: Wed Aug 22 20:07:08 2018
SecY Interface Statistics
-------------------------
SecY:
Tx Untagged Pkts : 0
Tx Too Long Pkts : 0
Rx Untagged Pkts : 0
Rx No Tag Pkts : 0
Rx Bad Tag Pkts : 0
Rx Unknown SCI Pkts : 0
Rx No SCI Pkts : 0
Rx Overrun Pkts : 0
Transmit:
Secure Channel
Protected Pkts : 0
Encrypted Pkts : 4305
Octets Protected : 0
Octets Encrypted : 480308
Secure Association : AN-0
Protected Pkts : 0
Encrypted Pkts : 4305
Receive:
Secure Channel, SCI: 00-11-88-fe-91-8f-00-01
Late Pkts : 0
Not Valid Pkts : 0
Delayed Pkts : 0
Unchecked Pkts : 0
OK Pkts : 35825
Octets Validated : 0
Octets Decrypted : 2630318
Secure Association : AN-0
Not Valid SA Pkts : 0
OK Pkts : 35825
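
The following is an added example, not part of the vendor documentation: a Python check that parses output in the format shown above and reports deviations from a baseline plus non-zero receive error counters. The `EXPECTED` values and the choice of `ERROR_COUNTERS` are assumptions (a hypothetical site policy), and `SAMPLE` is constructed.

```python
import re

# Constructed sample: a few lines in the format of the output above, with
# "Not Valid Pkts" changed to a non-zero value to show a counter finding.
SAMPLE = """\
Port: 40
Connect : SECURE
MKA Secured : True
MKA Failed : False
MACsec Protect : True
Validate Frames: Strict
Replay Protect: Disabled
Rx Bad Tag Pkts : 0
Rx Unknown SCI Pkts : 0
Not Valid Pkts : 3
"""

# Assumed baseline (hypothetical site policy, not taken from vendor documentation).
EXPECTED = {"Connect": "SECURE", "MKA Secured": "True", "MKA Failed": "False",
            "MACsec Protect": "True", "Validate Frames": "Strict",
            "Replay Protect": "Enabled"}
# Receive-side counters this example treats as errors when non-zero.
ERROR_COUNTERS = ("Rx No Tag Pkts", "Rx Bad Tag Pkts", "Rx Unknown SCI Pkts",
                  "Not Valid Pkts", "Late Pkts")

def parse(text):
    """Return {field: [values]}; names such as State repeat across tables."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"\s*([^:]+?)\s*:\s*(\S.*?)\s*$", line)
        if m:  # section titles and rulers have no "name : value" shape
            fields.setdefault(m.group(1), []).append(m.group(2))
    return fields

def audit(text):
    """Return a list of deviations from EXPECTED plus non-zero error counters."""
    fields, findings = parse(text), []
    for key, want in EXPECTED.items():
        got = fields.get(key)
        if got is None:
            findings.append(f"{key}: missing from output")
        elif any(v != want for v in got):
            findings.append(f"{key}: expected {want}, got {', '.join(got)}")
    for key in ERROR_COUNTERS:
        total = sum(int(v) for v in fields.get(key, []) if v.isdigit())
        if total:
            findings.append(f"{key}: {total} (expected 0)")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)) or "no findings")
```

Run against the full sample output above, the only finding under this assumed baseline is the disabled replay protection.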
This command was first available in ExtremeXOS 30.1.
This command is available on the following platforms.

Note
The MACsec feature requires the installation of the MAC Security feature pack license.

| Platform | Ports | LRM/MACsec Adapter Required? |
|---|---|---|
| Summit X460-G2-24p-24hp, X460-G2-24t-24ht switches | Half-duplex, 1G ports (25–48) | No |
| Summit X460-G2-24p-24hp, X460-G2-24t-24ht switches | All other SFP/SFP+ ports * | Yes |
| Summit X450-G2, X460-G2, X670-G2, and ExtremeSwitching X440-G2, X620, and X690 series switches | SFP/SFP+ ports * | Yes |

Note: * For Summit X460-G2 series switches, the VIM-2X option does not support the LRM/MACsec Adapter.