show macsec status

Display the following information for MACsec enabled interfaces:

Syntax

Command Parameters

{slot/port[/sub-port] [-slot/port[/sub-port]] [,...]}

Identifies the slot and port in one of the following formats: a single slot and port (slot/port), a range of slots and ports (slot/port-slot/port), or a series of slots and ports (slot/port,slot/port,slot/port). If the platform supports channelization and the port is channelized, you must also specify the sub-port in the format slot/port/sub-port.

Default

None

Command Mode

User EXEC

Usage Guidelines

This command does not apply to all hardware platforms. For more information about feature support, see Fabric Engine Feature Support Matrix.

Command Output

The show macsec status command displays the following information:

Output field

Description

PortId

Specifies the port ID number.

MACSEC Status

Specifies whether MACsec is enabled.

Encryption Status

Specifies whether encryption is enabled.

Replay Protect

Specifies whether replay protection is enabled.

Replay Protect Window

Specifies the size of the replay protect window.

Encryption Offset

Specifies the number of unencrypted bytes that precede MACsec encryption.

Cipher Suite

Specifies the encryption algorithm used to encrypt traffic on an Ethernet link that is secured with MACsec.

CA Name

Specifies the name of the Connectivity Association.

MKA-Profile Name

Specifies the name of the MKA profile applied to the port.

MKA Connect Status

Specifies the MKA connection status.

Example

The following example displays MACsec status for all ports:

Switch:1#show macsec status

==========================================================================================================================
                                                    MACSEC Port Status
==========================================================================================================================
         MACSEC     Encryption  Replay      Replay       Encryption       Cipher     CA       MKA-Profile      MKA Connect
PortId   Status     Status     Protect     Protect W'dow   Offset         Suite      Name     Name             Status
--------------------------------------------------------------------------------------------------------------------------
1/13     disabled   disabled    disabled   --              none            AES-128   NIL	  --                --
1/14     disabled   disabled    disabled   --              none	     AES-128   NIL         --                --
1/15     enabled    disabled    enabled    50              ipv4Offset(30)  AES-256   mkanka   extreme           pending 

The following example displays MACsec status for a specific port:

Switch:1#show macsec status 1/13

==========================================================================================================================
                                                    MACSEC Port Status
==========================================================================================================================
         MACSEC     Encryption  Replay      Replay        Encryption       Cipher     CA       MKA-Profile      MKA Connect
PortId   Status     Status      Protect     Protect W'dow   Offset         Suite      Name     Name             Status
--------------------------------------------------------------------------------------------------------------------------
1/13     enabled	disabled    enabled     50          ipv4Offset(30)  AES-256   mkanka   extreme          pending