Displays configuration, status, and statistics for both MKA and MAC Security (MACsec).
ports | Specifies ports to show MKA and MACsec detailed information on. |
port_list | Lists which ports to show MKA and MACsec detailed information on. |
detail | Selects showing detailed MACsec port information. |
N/A.
# show macsec ports 40 detail PAE Port Table -------------- Port: 40 Port Capabilities : 0x30 Supplicant : No Authenticator : No MKA : Yes MACsec : Yes Announcements : No Listener : No Virtual Ports : No Virtual Ports Enable : Disabled Logon Enable : Enabled Authenticator Enable : Enabled Supplicant Enable : Disabled KaY MKA : Enabled Announcer : Disabled Listener : Disabled LOGON Table ------------------------- Connect : SECURE Port Valid : True NID Table ------------------------- UseEAP : Never UnauthAllowed : Never UnsecuredAllowed : mkaServer UnauthenticatedAccess : noAccess Access Capabilities : 0x08 eap : No eapMka : No eapMkaMacSec : No mka : No mkaMacSec : Yes vendorSpecific : No KaY MKA Table ------------------------- MKA Active : True MKA Authenticated : False MKA Secured : True MKA Failed : False MKA Actor SCI : 00-04-96-a0-6c-e7-00-28 MKA Actor's Priority : 0x2 MKA Key Server Priority : 0x2 MKA Key Server SCI : 00-04-96-a0-6c-e7-00-28 MACsec Confidentiality Offset : 0 MACsec Desired : True MACsec Protect : True MACsec Replay Protect : False MACsec Validate : True MACsec Protection Local MACsec Capability : Integrity, Confidentiality with Offset 0 Peer MACsec Capability : Integrity, Confidentiality with Offset 0 Negotiated Protection : Integrity, Confidentiality with Offset 0 MKA Tx KN : 1 MKA Tx AN : 0 MKA Rx KN : 1 MKA Rx AN : 0 MKA Participant Table ------------------------- CA Name : ca40 CKN : foobar40 Cached : False Active : True Retain : False ActivateControl : Default Principal : True Potential Peer List : Live Peer List : MN, SCI : 46661, 00-11-88-fe-91-8f-00-01 SecY Config Table ------------------------- Protect Frames: Enabled Validate Frames: Strict Replay Protect: Disabled Replay Protect Window: 0 frames SecTAG Transmit Options Include SCI: Enabled Use ES: Disabled Use SCB: Disabled SecY Receive SA AN-0 Table --------------------------- State: inUse Next PN: 35826 Created Time: Wed Aug 22 20:07:15 2018 SecY Receive SC Table ------------------------- SCI: 00-11-88-fe-91-8f-00-01 State: inUse Current SA: 0 Created Time: Wed Aug 22 20:07:14 2018 SecY Transmit SA AN-0 Table ---------------------------- State: inUse Next PN: 4306 Created Time: Wed Aug 22 20:07:15 2018 SecY Transmit SC Table ------------------------- SCI: 00-04-96-a0-6c-e7-00-28 State: inUse Encoding SA: 0 Enciphering SA: 0 Created Time: Wed Aug 22 20:07:08 2018 SecY Interface Statistics ------------------------- SecY: Tx Untagged Pkts : 0 Tx Too Long Pkts : 0 Rx Untagged Pkts : 0 Rx No Tag Pkts : 0 Rx Bad Tag Pkts : 0 Rx Unknown SCI Pkts : 0 Rx No SCI Pkts : 0 Rx Overrun Pkts : 0 Transmit: Secure Channel Protected Pkts : 0 Encrypted Pkts : 4305 Octets Protected : 0 Octets Encrypted : 480308 Secure Association : AN-0 Protected Pkts : 0 Encrypted Pkts : 4305 Receive: Secure Channel, SCI: 00-11-88-fe-91-8f-00-01 Late Pkts : 0 Not Valid Pkts : 0 Delayed Pkts : 0 Unchecked Pkts : 0 OK Pkts : 35825 Octets Validated : 0 Octets Decrypted : 2630318 Secure Association : AN-0 Not Valid SA Pkts : 0 OK Pkts : 35825
This command was first available in ExtremeXOS 30.1.
This command is available on the following platforms.
Note
The MACsec feature requires the installation of the MAC Security feature pack license.Platform | Ports | LRM/MACsec Adapter Required? |
---|---|---|
Summit X460-G2-24p-24hp, X460-G2-24t-24ht switches | Half-duplex, 1G ports (25–48) | No |
All other SFP/SFP+ ports * | Yes | |
Summit X450-G2, X460-G2, X670-G2, and ExtremeSwitching X440-G2, X620, and X690 series switches | SFP/SFP+ ports * | Yes |
Note: * For Summit X460-G2 series switches, the VIM-2X option does
not support the LRM/MACsec Adapter.
|