Print this pagePrint this page

Email this topicEmail this topic

View PDFView PDF

Download EPUBDownload EPUB

show macsec all

Use this command to display the MACsec configuration.

Syntax

show macsec all port-string verbose

Parameters

port-string A single port.
verbose (Optional) Displays a verbose level of macsec configuration information.

Defaults

None.

Mode

All command modes.

Example

This example shows how to display MACsec configuration information for port "ge.1.10":

MIKE-S1A-110(su)->show macsec all ge.1.10

PAE Port Table
-------------------------
Port: ge.1.10
Controlled Port Number      : 12610
Uncontrolled Port Number    : 12310
Common Port Number          : 12010

MKA Protocol Config
-------------------------

Port         MKA Life Time
------------ -------------
ge.1.10      6

LOGON Table
-------------------------
Port: ge.1.10
Connect                 : secure
Port Valid              : true

NID Table
-------------------------
Port: ge.1.10
NID                     : nid-012010
UnauthAllowed           : never
UnsecuredAllowed        : immediate

KaY MKA Table
-------------------------
Port: ge.1.10
MKA Active                    : true
MKA Secured                   : true
MKA Actor SCI                 : 20-b3-99-bf-ab-1d-00-01
MKA Actor's Priority          : 0x10
MKA Key Server Priority       : 0x10
MKA Key Server SCI            : 20-b3-99-bf-ab-1d-00-01
MKA Tx KN                     : 1
MKA Tx AN                     : {12610, 0}
MKA Rx KN                     : 1
MKA Rx AN                     : {12610, 32, 179, 153, 191, 171, 216, 0, 1, 0}

MKA Participant Table
-------------------------
Port: ge.1.10
CKN                 : 666F6F
NID                 : nid-012010
Active              : true
Principal           : true

Port: ge.1.10
Potential Peer List :
Live Peer List      :
  MN, SCI : 184929, 20-b3-99-bf-ab-d8-00-01

SecY Config Table
-------------------------
Port: geC.1.10
Protect Frames:        enabled
Validate Frames:       strict
Replay Protect:        enabled
Replay Protect Window: 0 frames

SecY Receive SA Table
-------------------------
Port: geC.1.10
Port ID:         00-01
SCI:             20-b3-99-bf-ab-d8-00-01
Association Num: 0
State:           inUse
Next PN:         18492
SAK Unchanged:   true
Created Time:    0,00:01:26

SecY Receive SC Table
-------------------------
Port: geC.1.10
Port ID:         00-01
SCI:             20-b3-99-bf-ab-d8-00-01
State:           inUse
Current SA:      0
Created Time:    0,00:01:24

SecY Transmit SA Table
-------------------------
Port: geC.1.10
Association Num: 0
State:           inUse
Next PN:         203415
Confidentiality: true
SAK Unchanged:   true
Created Time:    0,00:01:26

SecY Transmit SC Table
-------------------------
Port: geC.1.10
Port ID:         00-01
SCI:             20-b3-99-bf-ab-1d-00-01
State:           inUse
Encoding SA:     0
Enciphering SA:  0
Created Time:    0,00:00:52

SecY Interface Statistics
-------------------------
Port: geC.1.10
SecY:
Tx Untagged Pkts         : 0
Tx Too Long Pkts         : 0
Rx Untagged Pkts         : 0
Rx No Tag Pkts           : 0
Rx Bad Tag Pkts          : 0
Rx Unknown SCI Pkts      : 0
Rx No SCI Pkts           : 0
Rx Overrun Pkts          : 0

Transmit:
    Octets Protected     : 0
    Octets Encrypted     : 21512586

  Secure Association     : AN-0
    Protected Pkts       : 0
    Encrypted Pkts       : 203415

Receive:
  Secure Channel, SCI:  20-b3-99-bf-ab-d8-00-01
    Late Pkts            : 0
    Delayed Pkts         : 0
    Unchecked Pkts       : 0
    Octets Validated     : 0
    Octets Decrypted     : 1725600

  Secure Association     : AN-0
    Unused SA Pkts       : 0
    No Using SA Pkts     : 0
    Not Valid SA Pkts    : 0
    Invalid SA Pkts      : 0
    OK Pkts              : 18491
Published May 2016prev | next

Email this topicEmail this topic

Print this pagePrint this page